Date: Fri, 09 Feb 1996 11:44:08 +0200 (IST) From: Gennady Sorokopud <gena@NetVision.net.il> To: Poul-Henning Kamp <phk@critter.tfs.com> Cc: (Julian Elischer) <julian@TFS.COM>, hackers@FreeBSD.org Subject: Re: CHROOT changes to login. Message-ID: <XFMail.960209114844.gena@NetVision.net.il> In-Reply-To: <1206.823850638@critter.tfs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello!
That's how i use chroot in login:
if (pwd->pw_uid > 100) {
char *new_dir;
char *p;
if (p =3D strstr(pwd->pw_dir, "/./")) {
new_dir =3D p + 2;
(void)setenv("HOME", new_dir, 1);
=20
*p =3D '\0';
if (chroot(pwd->pw_dir) =3D=3D -1)
fprintf(stderr, "WARNING! Failed to chroot to %s! Shell may run
in unsecure mode!", pwd->pw_dir);
}
}
IMHO "/./" is very convinient and wu-ftpd uses it too.
On 09-Feb-96 Poul-Henning Kamp wrote:
>>> > Could we also add a bit of code such that if the logname entered isn't
>> > in the primary /etc/passwd, but the special userid "*chroot" (or similar)
>> > is, then the chroot /etc/passwd will be consulted ?
>> >=20
>> > I would hate to have all the users in the primary /etc/passwd too.
>>=20
>> not a bad idea, but if you ever type your name wrong, you've had it..
>
>That is perfectly fine for me.
>
>I see it as your "chroot" group mode is good for a few chrooted users.
>
>My "unknown" mode is good for the majority of users being chrooted.
>
>Having both is just added flexibility.
>
>--
>Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team.
>http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox.
>whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc.
>Future will arrive by its own means, progress not so.
--------
Gennady B. Sorokopud - System programmer at NetVision Israel.
E-Mail: Gennady Sorokopud <gena@NetVision.net.il>
Homepage: http://www.netvision.net.il/~gena
This message was sent at 02/09/96 11:44:08 by XF-Mail
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.960209114844.gena>