From owner-freebsd-chat Fri Mar 12 16:51: 8 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 2698414D23 for ; Fri, 12 Mar 1999 16:51:05 -0800 (PST) (envelope-from brett@lariat.org)
Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id RAA20045; Fri, 12 Mar 1999 17:50:45 -0700 (MST)
Message-Id: <4.1.19990312174003.03fc2490@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Fri, 12 Mar 1999 17:50:42 -0700
To: Licia , freebsd-chat@FreeBSD.ORG
From: Brett Glass
Subject: Re: added chroot to /usr/bin/login
Cc: fad@o-o.org
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I like it!

However, I guess my concern would be that assigning a fixed number (in this case, 80) to the group that gets chrooted might not be the best way to go. Groups in FreeBSD can contain only a limited number of users, so this places a limit on the usefulness of the feature. And if group 80 is already in use, it could require major modifications to the file system to avoid problems.

How about something like the /etc/ftpchroot file, where one can list both users and groups that are chrooted? Or the /etc/skey.access file, which lets you use the tty, IP address, group membership, and/or the individual user ID as criteria? (The latter may be overkill for this situation.)

You could probably snag the code right out of ftpd to implement an etc/loginchroot file. Or it could be made into a library which ftpd, login, and other programs could share.

--Brett

At 06:01 PM 3/12/99 -0600, Licia wrote:
>
>I've placed a small patch to /usr/src/usr.bin/login/login.c on my home site
>at http://www.o-o.org/~licia/projects/login/ that adds a simple and fairly
>clean way to chroot users at login time. The 2.2.8R patch is tested, the
>FreeBSD-current patch is anyone's guess, although I think it should probably
>work :)
>
>
> [ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf]
> [ Telnet to o-o.org and log in as bbs ] [ ssh -l bbs -C o-o.org ]
> [ A happy user of FreeBSD : http://www.freebsd.org/ ]
>
> main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);}
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-chat" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
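
An added example, not code from Licia's patch or from FreeBSD's ftpd or login: a lookup over a list file of the kind the reply proposes, matching by user name or group name instead of one fixed gid. The `@group` entry syntax, the function names and the sample contents are assumptions; a caller such as login would pass the names of the user's groups, chroot when the result is 1, and refuse the login when it is -1.

```c
#include <stdio.h>
#include <string.h>

/* Assumed format: one entry per line, "name" = user, "@name" = group,
 * '#' starts a comment. Returns 1 if listed, 0 if not, and -1 on a read
 * error or overlong line so the caller can refuse the login. */
int chroot_listed(FILE *fp, const char *user,
                  const char *const *groups, size_t ngroups)
{
    char line[256];
    while (fgets(line, sizeof line, fp) != NULL) {
        size_t len = strlen(line);
        if (len == sizeof line - 1 && line[len - 1] != '\n')
            return -1;                        /* overlong entry: do not guess */
        line[strcspn(line, "#\r\n")] = '\0';  /* drop comment and newline */
        char *tok = strtok(line, " \t");      /* entry is the first word */
        if (tok == NULL)
            continue;                         /* blank or comment-only line */
        if (tok[0] != '@' && strcmp(tok, user) == 0)
            return 1;                         /* exact user-name match */
        for (size_t i = 0; tok[0] == '@' && i < ngroups; i++)
            if (strcmp(tok + 1, groups[i]) == 0)
                return 1;                     /* exact group-name match */
    }
    return ferror(fp) ? -1 : 0;
}

/* Constructed sample list and group set; not from any real system. */
static const char SAMPLE[] = "# confined at login\nbbs\n"
                             "  @shellguests   # trailing comment\n";
static const char *const GUEST_GROUPS[] = { "users", "shellguests" };

/* Run the lookup over SAMPLE by way of a temporary file. */
int check_sample(const char *user, const char *const *groups, size_t ngroups)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    fputs(SAMPLE, fp);
    rewind(fp);
    int r = chroot_listed(fp, user, groups, ngroups);
    fclose(fp);
    return r;
}

int main(void)
{
    printf("bbs=%d alice=%d\n", check_sample("bbs", NULL, 0),
           check_sample("alice", GUEST_GROUPS, 2));
    return 0;
}
```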