Date: Fri, 12 Mar 1999 17:50:42 -0700 From: Brett Glass <brett@lariat.org> To: Licia <licia@o-o.org>, freebsd-chat@FreeBSD.ORG Cc: fad@o-o.org Subject: Re: added chroot to /usr/bin/login Message-ID: <4.1.19990312174003.03fc2490@localhost> In-Reply-To: <Pine.BSF.4.05.9903121758540.24345-100000@o-o.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I like it! However, I guess my concern would be that assigning a fixed number (in this case, 80) to the group that gets chrooted might not be the best way to go. Groups in FreeBSD can contain only a limited number of users, so this places a limit on the usefulness of the feature. And if group 80 is already in use, it could require major modifications to the file system to avoid problems. How about something like the /etc/ftpchroot file, where one can list both users and groups that are chrooted? Or the /etc/skey.access file, which lets you use the tty, IP address, group membership, and/or the individual user ID as criteria? (The latter may be overkill for this situation.) You could probably snag the code right out of ftpd to implement an etc/loginchroot file. Or it could be made into a library which ftpd, login, and other programs could share. --Brett At 06:01 PM 3/12/99 -0600, Licia wrote: > >I've placed a small patch to /usr/src/usr.bin/login/login.c on my home site >at http://www.o-o.org/~licia/projects/login/ that adds a simple and fairly >clean way to chroot users at login time. The 2.2.8R patch is tested, the >FreeBSD-current patch is anyone's guess, although I think it should probably >work :) > > > [ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf] > [ Telnet to o-o.org and log in as bbs ] [ ssh -l bbs -C o-o.org ] > [ A happy user of FreeBSD : http://www.freebsd.org/ ] > > main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);} > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-chat" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990312174003.03fc2490>