Date: Tue, 9 Mar 1999 11:30:17 -0600 (CST)
From: Licia <licia@o-o.org>
To: Guy Helmer <ghelmer@scl.ameslab.gov>
Cc: freebsd-chat@freebsd.org
Subject: Re: A new feature for /usr/bin/login (feedback requested)
Message-ID: <Pine.BSF.4.05.9903091120030.10107-100000@o-o.org>
In-Reply-To: <Pine.SGI.4.05.9903091034530.13205-100000@demios.scl.ameslab.gov>

On Tue, 9 Mar 1999, Guy Helmer wrote:

> On Tue, 9 Mar 1999, Licia wrote:
>
> > I'm going to alter login so that any person with a login group of 80 will
> > be automagically chrooted. If there is an entry for them in /etc/chroots
> > they will be chrooted to the specified area (allowing several people to be
> > chrooted to a common sub-area) and if there isn't an entry for them, they will
> > be chrooted to their home directories.
>
> I think it would be better to add a new login capability to the login.conf
> file that specifies a chroot directory for all members of the class.
> With parameter substitution (e.g. "%u" for the user name, "%g" for the
> primary group name), this could eliminate the need for the /etc/chroots
> file you suggest.

hmm sort of a chroot=pathname entry, with different login classes for each
group of users, defaulting to home directory if not specified?

>
> > 2. Should I build some sort of prepackaged utility to set up chrooted
> > environments (creating directory hierarchies, copying binaries, libraries,
> > device files, etc) and if so what would the -minimum- set be for basic
> > functionality?
>
> Sure, that would be useful. You might want to look into portal mounts WRT
> chroot jails - it would save having to copy binaries, libraries, device
> files, and configuration files.
>

Hmm portal mounts would work, but seem a little site-specific to offer
generically, wouldn't you think? Actually, now that I think about it more
most things that could be pre-done in a script would probably be very site
specific... would it be safe to assume the average person using chrooted
logins would be advanced enough to set up the environment properly?

[ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf]
[ Telnet to o-o.org and log in as bbs ] [ ssh -l bbs -C o-o.org ]
[ A happy user of FreeBSD : http://www.freebsd.org/ ]
main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);}

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
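
The login.conf idea discussed in this message (a chroot=pathname entry with "%u" and "%g" substitution, defaulting to the home directory) can be sketched as follows. This is an added example, not part of the original e-mail and not FreeBSD's login code; the function names are hypothetical, and rejecting names that contain "/" or equal ".." is an added safety check so that a substituted name cannot move the target outside the intended tree.

```c
#include <stdio.h>
#include <string.h>

/* A substituted name must not be able to change the shape of the path. */
static int safe_component(const char *s)
{
    if (s == NULL || *s == '\0' || strchr(s, '/') != NULL)
        return 0;
    return strcmp(s, ".") != 0 && strcmp(s, "..") != 0;
}

/* Hypothetical helper (added example, not FreeBSD code): expand %u, %g and
 * %% in tmpl; an unset tmpl falls back to home, copied literally.
 * Returns 0 on success, -1 on rejected input or truncation. */
int expand_chroot(const char *tmpl, const char *user, const char *group,
                  const char *home, char *out, size_t outlen)
{
    size_t n = 0, len;

    if (tmpl == NULL || *tmpl == '\0') {
        if (home == NULL || home[0] != '/' || strlen(home) >= outlen)
            return -1;
        strcpy(out, home);
        return 0;
    }
    if (tmpl[0] != '/') return -1;    /* chroot target must be absolute */
    for (const char *p = tmpl; *p != '\0'; p++) {
        char lit[2] = { *p, '\0' };
        const char *sub = NULL;
        if (*p != '%')
            sub = lit;
        else if (*++p == 'u')
            sub = safe_component(user) ? user : NULL;
        else if (*p == 'g')
            sub = safe_component(group) ? group : NULL;
        else if (*p == '%')
            sub = "%";
        if (sub == NULL || (len = strlen(sub)) >= outlen - n)
            return -1;                /* bad escape, unsafe name, or too long */
        memcpy(out + n, sub, len);
        n += len;
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];                     /* constructed sample user and group */
    if (expand_chroot("/jail/%g/%u", "alice", "staff", "/home/alice", buf, sizeof buf) == 0)
        puts(buf);
}
```

The caller would still need to confirm that the resulting directory exists and is not writable by the user before calling chroot(2).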