Date: Thu, 26 Sep 2002 02:14:14 +0530
From: "Unix Tools" <unixtools@hotmail.com>
To: "Gerard Samuel" <gsam@trini0.org>, "Brossin Pierrick" <pbrossin@swissgeeks.com>
Cc: "FreeBSD Questions" <questions@FreeBSD.ORG>
Subject: Re: Chroot
Message-ID: <OE75iyPoHZgzDgtZKpj00000619@hotmail.com>
References: <3D908C45.3000302@trini0.org> <000d01c263e9$49c34920$3200000a@nitrox> <3D90A635.5060900@trini0.org>

rbash is the best option. I was quite successful with it.

----- Original Message -----
From: "Gerard Samuel" <gsam@trini0.org>
To: "Brossin Pierrick" <pbrossin@swissgeeks.com>
Cc: "FreeBSD Questions" <questions@FreeBSD.ORG>
Sent: Tuesday, September 24, 2002 11:21 PM
Subject: Re: Chroot

> Your first half made total sense, and I was able to lock the root user
> in /home/developer when
> chroot was executed.
> Your second half however, is not clicking with me at the moment. Here
> is what I did....
> 1. Under /home/developer/bin create a new file (my_sh) with this ->
> #!/bin/sh
> /home/developer/bin/sh
> chroot /home/developer/
>
> 2. Chmod the file 555, chown root:wheel
> 3. Enter vipw, and change the user "developer" shell to
> /home/developer/bin/my_sh
>
> With these modifications, I can ssh into the account, but I can still
> "break root" by cd'ing out of the home directory.
>
> Any advice would be greatly appreciated...
> Thanks
>
>
> Brossin Pierrick wrote:
>
> >Hi,
> >
> >|| I'm trying to figure out how to restrict users from leaving their home
> >|| directories.
> >|| I would enter the new directory /usr/home/developer and issue the
> >|| chroot command ->
> >|| hivemind# chroot /usr/home/developer
> >|| chroot: /bin/csh: No such file or directory
> >
> >It's because a chrooted directory is like the root dir of your system!
> >You have to create 'bin' 'etc' and stuff into /usr/home/developer.
> >You should also copy csh into /usr/home/developer/bin.
> >
> >Your chrooted system will be completely independent of your system.
> >This means if the user developer logs on, he won't be able to access the
> >real /etc for example.
> >
> >I hope I'm clear enough.
> >
> >www.google.com for more info .. just type in "freebsd chroot".
> >
> >|| What am I doing wrong??
> >|| Also when this is set, how do I make it persist through reboots.
> >|| Make my own script in /usr/local/etc/rc.d ???
> >|| Thanks for any insight you may provide....
> >
> >Just create a shell script and run it instead of running tcsh or sh or ...
> >run 'vipw' and change it.
> >
> >Cya
> >
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-questions" in the body of the message
>
> --
> Gerard Samuel
> http://www.trini0.org:81/
> http://dev.trini0.org:81/
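
Added example (not part of the original thread and not any poster's code): a shell example of the step Brossin Pierrick describes, creating `bin` and `etc` under the chroot directory and copying the shell in. It goes one step further by also copying the shared libraries the shell links against; the function names are hypothetical and it assumes `ldd` and `awk` are available.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not FreeBSD tools.

# needed_files BINARY: print BINARY and the absolute paths it loads at start.
needed_files() {
    echo "$1"
    # ldd prints "libc.so.7 => /lib/libc.so.7 (0x...)"; Linux also lists its
    # loader as "/lib64/ld-linux-x86-64.so.2 (0x...)". A static binary (or a
    # missing ldd) yields no library lines.
    { ldd "$1" 2>/dev/null || true; } | awk '
        $2 == "=>" && substr($3, 1, 1) == "/" { print $3; next }
        substr($1, 1, 1) == "/" && substr($2, 1, 1) == "(" { print $1 }'
    # FreeBSD's runtime linker is not in ldd output; include it when present.
    for nf_rtld in /libexec/ld-elf.so.1 /usr/libexec/ld-elf.so.1; do
        if [ -f "$nf_rtld" ]; then echo "$nf_rtld"; fi
    done
}

# chroot_missing ROOT BINARY: print each needed file that is absent under ROOT.
# Output here is the usual cause of "chroot: BINARY: No such file or directory".
chroot_missing() {
    for cm_f in $(needed_files "$2"); do
        [ -e "$1$cm_f" ] || echo "$cm_f"
    done
}

# populate_chroot ROOT BINARY...: create bin and etc, then copy in each BINARY
# with everything needed_files reports for it.
populate_chroot() {
    pc_root=$1; shift
    mkdir -p "$pc_root/bin" "$pc_root/etc" || return 1
    for pc_bin in "$@"; do
        [ -x "$pc_bin" ] || { echo "not executable: $pc_bin" >&2; return 1; }
        for pc_f in $(needed_files "$pc_bin"); do
            mkdir -p "$pc_root$(dirname "$pc_f")" || return 1
            # cp follows symlinks here, so the tree gets real files rather
            # than links that point outside it.
            cp -f "$pc_f" "$pc_root$pc_f" || return 1
        done
    done
    return 0
}
```

Run as root against the real directory, for example `populate_chroot /usr/home/developer /bin/csh`. An empty result from `chroot_missing` with the same arguments means the files behind the `No such file or directory` error are in place.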