Date: Wed, 7 Nov 2001 15:23:54 -0800 (PST)
From: David Kirchner
To: Magdalinin Kirill
Subject: Re: Chrooted SSH2 problem
Message-ID: <20011107152206.C44499-100000@localhost>
Sender: owner-freebsd-security@FreeBSD.ORG

On Mon, 5 Nov 2001, Magdalinin Kirill wrote:

> If you want to allow a couple of users at your box, then
> placing sh (which is statically linked) in
> /home/chrooted/dummy/bin/ should do the trick. If there
> must be many users, then consider making bin, usr and
> even var directories under /home/chrooted, and chroot
> all users to /home/chrooted. All binaries in bin, usr must
> be statically linked or you will have to place all necessary
> libraries over there, which is a security risk(?).

Thankfully, you can get away with setting up a "skeleton" directory on
that mountpoint and then creating hard links (with ln) from the skeleton
directory to each chroot'd user directory. Note that this will only work
(effectively) for regular files.
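
The skeleton-plus-hard-links setup described in the reply above, as an added example that is not part of the original message. The function names and the idea of reporting skipped entries are assumptions of this sketch; it checks that both trees sit on one filesystem, recreates directories, hard-links regular files, and reports anything else instead of linking it.

```shell
#!/bin/sh
# Added example: populate a chroot'd user directory from a shared skeleton
# tree using hard links. All names here are hypothetical, not the poster's.

# Mount point holding a path; hard links cannot cross filesystems.
mount_of() {
    df -P "$1" | awk 'NR==2 {print $NF}'
}

# True when two paths are names for the same inode (i.e. hard links).
shares_inode() {
    [ "$(ls -di "$1" | awk '{print $1}')" = "$(ls -di "$2" | awk '{print $1}')" ]
}

# link_skeleton SKEL DEST: mirror the SKEL tree into the existing directory DEST.
link_skeleton() {
    skel=$1
    dest=$2
    if [ ! -d "$skel" ] || [ ! -d "$dest" ]; then
        echo "link_skeleton: SKEL and DEST must be existing directories" >&2
        return 1
    fi
    if [ "$(mount_of "$skel")" != "$(mount_of "$dest")" ]; then
        echo "link_skeleton: $skel and $dest are on different filesystems" >&2
        return 1
    fi
    dest=$(cd "$dest" && pwd) || return 1   # absolute path, since we cd below
    (
        cd "$skel" || exit 1
        # Directories cannot be hard-linked, so recreate the tree.
        find . -type d -exec sh -c \
            'd=$1; shift; for p; do mkdir -p "$d/$p" || exit 1; done' \
            sh "$dest" {} + || exit 1
        # Regular files become a second name for the skeleton's inode.
        find . -type f -exec sh -c \
            'd=$1; shift; for p; do ln -f "$p" "$d/$p" || exit 1; done' \
            sh "$dest" {} + || exit 1
        # Symlinks, device nodes and FIFOs are reported, not linked.
        find . ! -type d ! -type f -exec sh -c \
            'for p; do echo "skipped (not a regular file): $p" >&2; done' sh {} +
    )
}
```

Because every chroot shares the skeleton's inodes, a file that is writable from inside one chroot is changed for all of them, so skeleton files should be root-owned and not writable by the chroot'd users.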