From owner-freebsd-questions@FreeBSD.ORG Sat Dec 6 17:07:13 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3EF616A4CE for ; Sat, 6 Dec 2003 17:07:13 -0800 (PST) Received: from zim.0x7e.net (zim.0x7e.net [203.38.184.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 004B143FAF for ; Sat, 6 Dec 2003 17:07:11 -0800 (PST) (envelope-from listone@deathbeforedecaf.net) Received: from goo.0x7e.net ([203.38.184.164] helo=goo) by zim.0x7e.net with smtp (Exim 3.36 #1) id 1ASnNY-00043F-00; Sun, 07 Dec 2003 11:36:32 +1030 Message-ID: <008501c3bc5e$5a9667e0$a4b826cb@goo> From: "Rob" To: "Nick Twaddell" , References: <20031206211745.001CC43F93@mx1.FreeBSD.org> Date: Sun, 7 Dec 2003 11:36:31 +1030 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4927.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Subject: Re: chroot environment X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Dec 2003 01:07:13 -0000 If you've already built the environment, you're halfway to having a jail(8) - this extends chroot(8) by creating a private process tree and network interface. You can run an entire system inside a jail, including sshd(8) to accept logins. For ftp logins, ftpd(8) has builtin support for chrooting certain users - see ftpchroot(5). There is also support for chrooting logins in the ssh.com version of sshd - I believe this is /usr/ports/security/ssh2, but I haven't checked. Apart from this, I don't know a 'standard' way of doing it. ----- Original Message ----- From: "Nick Twaddell" Subject: chroot environment > I am trying to setup a chroot environment for some users. I rebuilt the > environment inside their userdir, copied all the appropriate binaries, libs, > etc. The part I am stumped on, is how do you make it so their account gets > chrooted on login. Since chroot can only be executed by root. Some of the > docs I found created a shell script that would sudo chroot and run it on > login. I am just wondering what everyone else recommends. > > Thanks > > Nick Twaddell > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >