From: "Unix Tools"
To: "Gerard Samuel", "Brossin Pierrick"
Cc: "FreeBSD Questions"
Subject: Re: Chroot
Date: Thu, 26 Sep 2002 02:14:14 +0530

rbash is the best option. I was quite successful with it

----- Original Message -----
From: "Gerard Samuel"
To: "Brossin Pierrick"
Cc: "FreeBSD Questions"
Sent: Tuesday, September 24, 2002 11:21 PM
Subject: Re: Chroot

> Your first half made total sense, and I was able to lock the root user
> in /home/developer when
> chroot was executed.
> Your second half however, is not clicking with me at the moment. Here
> is what I did....
> 1. Under /home/developer/bin create a new file (my_sh) with this ->
> #!/bin/sh
> /home/developer/bin/sh
> chroot /home/developer/
>
> 2. Chmod the file 555, chown root:wheel
> 3. Enter vipw, and change the user "developer" shell to
> /home/developer/bin/my_sh
>
> With these modifications, I can ssh into the account, but I can still
> "break root" by cd'ing out of the home directory.
>
> Any advice would be greatly appreciated...
> Thanks
>
>
> Brossin Pierrick wrote:
>
> >Hi,
> >
> >|| I'm trying to figure out how to restrict users from leaving their home
> >|| directories.
> >|| I would enter the new directory /usr/home/developer and issue the
> >|| chroot command ->
> >|| hivemind# chroot /usr/home/developer
> >|| chroot: /bin/csh: No such file or directory
> >
> >It's because a chrooted directory is like the root dir of your system!
> >You have to create 'bin' 'etc' and stuff into /usr/home/developer.
> >You should also copy csh into /usr/home/developer/bin.
> >
> >Your chrooted system will be completely independent of your system.
> >This means if the user developer logs on, he won't be able to access the
> >real /etc for example.
> >
> >I hope I'm clear enough.
> >
> >www.google.com for more info .. just type in "freebsd chroot".
> >
> >|| What am I doing wrong??
> >|| Also when this is set, how do I make it persist through reboots.
> >|| Make my own script in /usr/local/etc/rc.d ???
> >|| Thanks for any insight you may provide....
> >
> >Just create a shell script and run it instead of running tcsh or sh or ...
> >run 'vipw' and change it.
> >
> >Cya
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-questions" in the body of the message
> >
>
> --
> Gerard Samuel
> http://www.trini0.org:81/
> http://dev.trini0.org:81/
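
An added example, not part of the original thread: the "chroot: /bin/csh: No such file or directory" error quoted above means the shell does not exist under the new root. This sketch reports what a program needs inside the chroot directory and copies it in; the function names are hypothetical, and it assumes ldd is available and that paths contain no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): check and populate a chroot directory.
# Function names are hypothetical; JAIL and PROG are supplied by the caller.

# Print PROG plus every absolute library path that ldd reports for it.
jail_deps() {
    prog=$1
    echo "$prog"
    # ldd prints "name => /path (addr)" or "/path (addr)"; keep path fields only.
    # Header lines such as "/bin/sh:" are skipped. For a static binary ldd
    # fails, and the program itself is then the only dependency.
    { ldd "$prog" 2>/dev/null || true; } |
        awk '{ for (i = 1; i <= NF; i++)
                   if ($i ~ /^\// && $i !~ /:$/) print $i }' | sort -u
}

# Print each dependency that is absent under JAIL; return 1 if any is missing.
missing_in_jail() {
    jail=$1 prog=$2 rc=0
    for f in $(jail_deps "$prog"); do
        [ -e "$jail$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# Copy PROG and its libraries into JAIL at the same absolute paths.
populate_jail() {
    jail=$1 prog=$2
    for f in $(jail_deps "$prog"); do
        mkdir -p "$jail$(dirname "$f")" && cp "$f" "$jail$f" || return 1
    done
}

# Typical use, as root (paths taken from the thread):
#   missing_in_jail /usr/home/developer /bin/csh   # lists what chroot cannot find
#   populate_jail   /usr/home/developer /bin/csh
#   chroot /usr/home/developer /bin/csh
```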