Date:      Tue, 9 Mar 1999 11:30:17 -0600 (CST)
From:      Licia <licia@o-o.org>
To:        Guy Helmer <ghelmer@scl.ameslab.gov>
Cc:        freebsd-chat@freebsd.org
Subject:   Re: A new feature for /usr/bin/login (feedback requested)
Message-ID:  <Pine.BSF.4.05.9903091120030.10107-100000@o-o.org>
In-Reply-To: <Pine.SGI.4.05.9903091034530.13205-100000@demios.scl.ameslab.gov>

On Tue, 9 Mar 1999, Guy Helmer wrote:
> On Tue, 9 Mar 1999, Licia wrote:
> 
> > I'm going to alter login so that any person with a login group of 80 will
> > be automagically chrooted.  If there is an entry for them in /etc/chroots
> > they will be chrooted to the specified area (allowing several people to be
> > chrooted to a common sub-area) and if there isn't an entry for them, they will
> > be chrooted to their home directories.
> 
> I think it would be better to add a new login capability to the login.conf
> file that specifies a chroot directory for all members of the class.  
> With parameter substitution (e.g. "%u" for the user name, "%g" for the
> primary group name), this could eliminate the need for the /etc/chroots
> file you suggest.

Hmm, sort of a chroot=pathname entry, with different login classes for each
group of users, defaulting to home directory if not specified?

> 
> > 2. Should I build some sort of prepackaged utility to set up chrooted
> >    environments (creating directory hierarchies, copying binaries, libraries,
> >    device files, etc) and if so what would the -minimum- set be for basic
> >    functionality?
> 
> Sure, that would be useful.  You might want to look into portal mounts WRT
> chroot jails - it would save having to copy binaries, libraries, device
> files, and configuration files.
> 

Hmm, portal mounts would work, but seem a little site-specific to offer
generically, wouldn't you think?

Actually, now that I think about it more, most things that could be pre-done in
a script would probably be very site-specific... would it be safe to assume
the average person using chrooted logins would be advanced enough to set up
the environment properly?


     [ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf]
     [ Telnet to o-o.org and log in as bbs ]    [ ssh -l bbs -C o-o.org ]
     [        A happy user of FreeBSD : http://www.freebsd.org/         ]

  main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);}



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
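
Added example, not part of the original message and not FreeBSD's login code: a sketch of the "%u"/"%g" substitution proposed in the thread, with the home-directory default and the checks such an expansion needs before its result is handed to chroot(2). The helper name chroot_for, the 1024-byte buffer, and the sample user, group and paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* A substituted name must be exactly one path component. */
static int one_component(const char *s)
{
    return s && *s && !strchr(s, '/') && strcmp(s, ".") && strcmp(s, "..");
}

/* Hypothetical helper: expand %u / %g in a chroot template.
 * Returns the directory to chroot into, or NULL if the input is rejected. */
const char *chroot_for(const char *tmpl, const char *user,
                       const char *group, const char *home)
{
    static char out[1024];                    /* assumed size for this sketch */
    size_t n = 0;

    if (tmpl == NULL || *tmpl == '\0') {      /* no entry: use home, verbatim */
        if (home == NULL || home[0] != '/' || strlen(home) >= sizeof(out))
            return NULL;
        return strcpy(out, home);
    }
    if (tmpl[0] != '/' || !one_component(user) || !one_component(group))
        return NULL;                          /* absolute path, clean names only */
    for (const char *p = tmpl; *p != '\0'; p++) {
        const char *sub = NULL;
        size_t len = 1;
        if (*p == '%') {
            p++;
            if (*p == 'u') sub = user;
            else if (*p == 'g') sub = group;
            else return NULL;                 /* unknown or trailing escape */
            len = strlen(sub);
        }
        if (n + len >= sizeof(out))
            return NULL;                      /* refuse rather than truncate */
        if (sub) memcpy(out + n, sub, len);
        else out[n] = *p;
        n += len;
    }
    out[n] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample values. */
    const char *d = chroot_for("/jail/%g/%u", "licia", "staff", "/home/licia");
    puts(d ? d : "(rejected)");
    return 0;
}
```

Rejecting a name that is "..", or that contains "/", keeps a substituted value from steering the expanded path outside the directory the template names.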



