Date: Mon, 31 Aug 1998 09:39:34 -0600
From: "Aaron D. Gifford" <agifford@infowest.com>
To: security@FreeBSD.ORG
Subject: Re: Shell history
Message-ID: <35EAC3B6.258A308D@infowest.com>
References: <199808310943.LAA00544@CoDe.hu>
Somebody said:
> > >> Sort of an automated chroot thing you can't bypass I guess.

And Danny responded:
> > >Build a chrooted area with /etc, /bin, /usr/bin, /usr/lib, /usr/libexec
> > >files which are necessary.
> > >Change inetd to run telnetd.sh and have telnetd.sh do:
> > >
> > >-----
> > >#!/bin/sh
> > ># Enter the jail directory; stop if it is missing
> > >cd /newroot || exit 1
> > ># Replace this shell with telnetd running chrooted in /newroot
> > >exec /usr/sbin/chroot . /usr/libexec/telnetd
> > >-----
> > >
> > >Danny

And a third party replied:
> > This means that there would be common area for all shell users and I'd
> > wonder if root would be restricted to console and ssh perhaps.

Then Zahemszky Gabor informed:
> In some AT&T Unices (HP, if I know well), this is the job of login:
> if that user has a star ``*'' as shell (the /etc/passwd line of that user
> is like:
> user:passwd:uid:gid:gcos:home:*
> ),
> than login is chroot to home, and start another login, with a /etc/passwd in
> that chrooted environment. Well, with that way, that user has to type
> two login/passwd sequence, but I think it's not a bad idea.

<<snip>>

I had to set up a chrooted area for a few users recently, so I wrote a
shell wrapper, chrsh. It chroots to the chroot jail then runs a shell or
whatever within the jail. See http://www.eq.net/software/chrsh.html for
more info. Tis FreeBSD specific. It let me specify which users I wanted
chrooted and which I did not, and it lets the users login via telnet or
ssh or whatever.

Aaron out.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
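
Added example (not part of the original message, and not the chrsh source): a per-user chroot login wrapper in C that looks the user up before entering the jail, then drops root permanently, since a process that keeps root can leave a chroot. It assumes the binary is installed setuid-root as the users' login shell; the user name guest1 is constructed, and /newroot is the jail path from Danny's script.

```c
#define _DEFAULT_SOURCE  /* expose chroot() and setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample policy: which users are jailed, and where. */
struct jail_rule { const char *user; const char *root; };
static const struct jail_rule RULES[] = {
    { "guest1", "/newroot" },
};

/* Return the jail root for a user, or NULL if the user is not jailed. */
const char *jail_for_user(const char *user)
{
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++)
        if (strcmp(RULES[i].user, user) == 0)
            return RULES[i].root;
    return NULL;
}

/* Enter the jail, then give up root for good. 0 on success, -1 on error. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)   /* refuse root ids: root can leave a chroot */
        return -1;
    if (chdir(root) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;   /* regaining root must fail */
}

int main(void)
{
    struct passwd *pw = getpwuid(getuid());  /* looked up before chroot */
    if (pw == NULL)
        return 1;
    const char *root = jail_for_user(pw->pw_name);
    if (root != NULL && enter_jail(root, pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "jail setup failed, not starting a shell\n");
        return 1;   /* fail closed */
    }
    if (root == NULL && (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0))
        return 1;   /* unjailed users still lose the wrapper's privilege */
    execl("/bin/sh", "-sh", (char *)NULL);  /* leading '-' = login shell */
    return 1;
}
```

The order matters: supplementary groups and gid are dropped before uid, because once setuid() succeeds the process no longer has the privilege to change them.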
