Date: Fri, 09 Feb 1996 11:44:08 +0200 (IST)
From: Gennady Sorokopud <gena@NetVision.net.il>
To: Poul-Henning Kamp <phk@critter.tfs.com>
Cc: (Julian Elischer) <julian@TFS.COM>, hackers@FreeBSD.org
Subject: Re: CHROOT changes to login.
Message-ID: <XFMail.960209114844.gena@NetVision.net.il>
In-Reply-To: <1206.823850638@critter.tfs.com>

Hello!

That's how I use chroot in login:

        /* Only accounts with a uid above 100 are considered. */
        if (pwd->pw_uid > 100) {
                char *new_dir;
                char *p;

                /* "/./" in pw_dir separates the chroot root from the home inside it. */
                if ((p = strstr(pwd->pw_dir, "/./")) != NULL) {
                        /* HOME is the part after the marker, keeping its leading '/'. */
                        new_dir = p + 2;
                        (void)setenv("HOME", new_dir, 1);
                        /* Cut pw_dir at the marker so it names the chroot root only. */
                        *p = '\0';
                        if (chroot(pwd->pw_dir) == -1)
                                fprintf(stderr, "WARNING! Failed to chroot to %s! Shell may run in unsecure mode!", pwd->pw_dir);
                }
        }

IMHO "/./" is very convenient and wu-ftpd uses it too.

On 09-Feb-96 Poul-Henning Kamp wrote:
>> > Could we also add a bit of code such that if the logname entered isn't
>> > in the primary /etc/passwd, but the special userid "*chroot" (or similar)
>> > is, then the chroot /etc/passwd will be consulted ?
>> >
>> > I would hate to have all the users in the primary /etc/passwd too.
>>
>> not a bad idea, but if you ever type your name wrong, you've had it..
>
>That is perfectly fine for me.
>
>I see it as your "chroot" group mode is good for a few chrooted users.
>
>My "unknown" mode is good for the majority of users being chrooted.
>
>Having both is just added flexibility.
>
>--
>Poul-Henning Kamp           | phk@FreeBSD.ORG       FreeBSD Core-team.
>http://www.freebsd.org/~phk | phk@login.dknet.dk    Private mailbox.
>whois: [PHK]                | phk@ref.tfs.com       TRW Financial Systems, Inc.
>Future will arrive by its own means, progress not so.

--------
Gennady B. Sorokopud - System programmer at NetVision Israel.
E-Mail: Gennady Sorokopud <gena@NetVision.net.il>
Homepage: http://www.netvision.net.il/~gena

This message was sent at 02/09/96 11:44:08 by XF-Mail
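
A fail-closed handling of the "/./" convention discussed in this message, added here as an example; it is not code from the post, from login, or from wu-ftpd. The function names split_chroot_home and enter_chroot and the sample path are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE            /* exposes chroot() under strict glibc modes */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Split "/jail/./home/u" into root "/jail" and home "/home/u" without
 * modifying pw_dir. Returns 1 if the marker was found, 0 if there is
 * none, -1 if the entry is unusable. (Hypothetical helper.) */
int split_chroot_home(const char *pw_dir, char *root, size_t rootsz,
                      char *home, size_t homesz)
{
    const char *p = strstr(pw_dir, "/./");
    size_t rootlen;

    if (p == NULL)
        return 0;
    rootlen = (size_t)(p - pw_dir);
    /* Reject an empty or relative root and anything that would be truncated. */
    if (rootlen == 0 || pw_dir[0] != '/' || rootlen >= rootsz ||
        strlen(p + 2) >= homesz)
        return -1;
    memcpy(root, pw_dir, rootlen);
    root[rootlen] = '\0';
    strcpy(home, p + 2);           /* length checked above; keeps the leading '/' */
    return 1;
}

/* Needs root privileges. Returns 0 on success and -1 if any step fails, so
 * the caller can refuse the login instead of starting an unconfined shell. */
int enter_chroot(const char *root, const char *home)
{
    if (chdir(root) == -1 || chroot(".") == -1)
        return -1;
    /* The working directory is now the new root; move to home, or stay at "/". */
    if (chdir(home) == -1 && chdir("/") == -1)
        return -1;
    return 0;
}

int main(void)
{
    char root[1024], home[1024];
    const char *dir = "/usr/jail/./home/guest";    /* constructed sample entry */
    int rc = split_chroot_home(dir, root, sizeof root, home, sizeof home);

    if (rc == 1)
        printf("root=%s home=%s\n", root, home);
    return rc < 0;
}
```

A caller in a login-style program would treat both -1 from split_chroot_home and -1 from enter_chroot as a reason to end the session.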