From owner-freebsd-isp  Sat Jan 31 23:40:11 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA02596
          for freebsd-isp-outgoing; Sat, 31 Jan 1998 23:40:11 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from wopr.inetu.net (wopr.inetu.net [207.18.13.3])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA02591
          for <freebsd-isp@FreeBSD.ORG>; Sat, 31 Jan 1998 23:40:10 -0800 (PST)
          (envelope-from dev@wopr.inetu.net)
Received: from localhost (dev@localhost)
	by wopr.inetu.net (8.8.5/8.8.5) with SMTP id CAA18778;
	Sun, 1 Feb 1998 02:47:43 -0500 (EST)
Date: Sun, 1 Feb 1998 02:47:43 -0500 (EST)
From: Dev Chanchani <dev@wopr.inetu.net>
To: alex@comsys.com
cc: Adrian Filipi-Martin <adrian@virginia.edu>, freebsd-isp@FreeBSD.ORG
Subject: Re: chroot
In-Reply-To: <34D0EDD6.1FB2@comsys.com>
Message-ID: <Pine.BSF.3.95q.980201024716.18749B-100000@wopr.inetu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org
X-To-Unsubscribe: mail to majordomo@FreeBSD.org "unsubscribe freebsd-isp"

bash2 has a "restricted shell option" man bash2
and look for restricted.

If you invoke it as rbash it will apply certain
restrictions like not let the user cd, etc.

Dev Chanchani - INetU, Inc.(tm) - http://www.INetU.net
 Electronic commerce - Web development - Web hosting
        dev@INetU.net - Phone: (610) 266-7441

On Thu, 29 Jan 1998 alex@comsys.com wrote:

> Adrian,
> 
> I'm sorry, "to the man with a hammer everything appears a nail."
> 
> My solution does not address your telnet problem. We recently
> fixed a chroot problem with ftp, and not telnet. My mistake.
> 
> We never allow any telnet access to our system for the 
> general customer, so the telnet part of your message didn't register.
> 
> There was an 'rsh' or restricted shell a while back... I don't
> see it on our recent systems though. Trial and error using
> .profile, .login, .cshrc, or globals for csh shell,
> /etc/csh.cshrc /etc/.csh.login might help.
> 
> 
> -Alex
> 
> Adrian T. Filipi-Martin wrote:
> > 
> > Hi,
> >         I can find reference to /etc/ftpchroot, but not /etc/chroot.
> > Could you give me a pointer to the proper manpage?  I cann't find one that
> > mentions it.
> > 
> > thanks,
> > 
> >         Adrian
> > 
> > On Wed, 28 Jan 1998 alex@comsys.com wrote:
> > 
> > > Put him in /etc/chroot, create a ~usr/bin/date ~usr/bin/ls, ls and
> > > date should have the same perms as the ~ftp/bin versions. Else
> > > recompile ftpd with internal support for ls and date.
> > >
> > >  Alex
> > >
> > >
> > >
> > > Charlie & wrote:
> > > >
> > > > I have a customer who is somewhat objectionable to some of my other
> > > > customers.  How do I use chroot to automatically set a users root directory to
> > > > his home directory everytime they telnet in?  Do I create a file (ie:ush) that
> > > > executes the chroot command then the shell program (ie: /bin/sh) then change
> > > > all of my users to use the new shell (ush)?  Is there a better way?
> > > >
> > > > Thanks in advance,
> > > >
> > > > Eddie
> > >
> > 
> >         Adrian
> > --
> > adrian@virginia.edu        ---->>>>| If I were stranded on a desert island, and
> > System Administrator         --->>>| I could only have one OS for my computer,
> > Neurosurgical Visualzation Lab -->>| it would be FreeBSD.  Think about it.....
> > http://www.nvl.virginia.edu/     ->|      http://www.freebsd.org/
> 1111111
>