Date:      Sat, 13 Mar 1999 02:29:03 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        licia@o-o.org (Licia)
Cc:        freebsd-chat@FreeBSD.ORG, fad@o-o.org
Subject:   Re: added chroot to /usr/bin/login
Message-ID:  <199903130229.TAA15918@usr05.primenet.com>
In-Reply-To: <Pine.BSF.4.05.9903121758540.24345-100000@o-o.org> from "Licia" at Mar 12, 99 06:01:22 pm

> I've placed a small patch to /usr/src/usr.bin/login/login.c on my home site
> at http://www.o-o.org/~licia/projects/login/  that adds a simple and fairly
> clean way to chroot users at login time.  The 2.2.8R patch is tested, the
> FreeBSD-current patch is anyone's guess, although I think it should probably
> work :)

I think the correct way to pursue this would be to put the users in
a "chroot" login class.  You would put the word "chroot" between
the colons in the passwd file entry via "vipw", e.g.:

test::999:999:chroot:0:0:test user:/A/testuser:/bin/csh

And then within this class, add the resource limit "rootdir" in addition
to the default, e.g.:

chroot:\
	:rootdir=~:\
	:tc=default:

Note: ~ expands to the home directory, $ expands to the username; you
could also do:

chroot:\
	:rootdir=/jail/$:\
	:tc=default:

And then use:

	login_getcapstr(3)

Within login itself to get the string; if present, you chroot to the
target.

You could also do:

sharedjail:\
	:rootdir=/usr06/jail/:\
	:tc=default:

And put users in a shared, but chrooted environment, like so:

sally::2018:2018:sharedjail:0:0:sally:/users/s/sally:/bin/csh
bob::2019:2019:sharedjail:0:0:bob:/users/b/bob:/bin/csh

They could interact (and share shared libraries, for example), but
not affect the rest of the system.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
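
A sketch of the login-side step the message above describes, as an added example (not code from the message or from FreeBSD's login.c): it expands a "rootdir" value using the ~ and $ rules given in the message, rejects results that would be unsafe chroot targets, and enters the chroot. The function names, the slash and absolute-path checks, and passing the capability string in as a parameter instead of calling login_getcapstr(3) are assumptions of the example.

```c
#define _DEFAULT_SOURCE            /* exposes chroot(2) on glibc */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * Expand a "rootdir" value: '~' -> home directory, '$' -> user name.
 * In login.c the value would come from login_getcapstr(3) on the user's
 * class; it is a parameter here so the example builds without <login_cap.h>.
 * Returns 0 on success, -1 if the result is unusable as a chroot target.
 */
int expand_rootdir(const char *cap, const char *home, const char *user,
                   char *out, size_t outlen)
{
    size_t n = 0;

    if (outlen == 0 || strchr(user, '/') != NULL)
        return -1;                  /* a '/' in the name could escape /jail/$ */
    for (; *cap != '\0'; cap++) {
        const char *piece = cap;
        size_t len = 1;

        if (*cap == '~') { piece = home; len = strlen(home); }
        else if (*cap == '$') { piece = user; len = strlen(user); }
        if (len >= outlen - n)
            return -1;              /* refuse rather than truncate the path */
        memcpy(out + n, piece, len);
        n += len;
    }
    out[n] = '\0';
    return out[0] == '/' ? 0 : -1;  /* relative roots depend on login's cwd */
}

/* Confine the process; call as root, before setuid() to the user. */
int enter_rootdir(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    return chdir("/");              /* cwd must not stay outside the new root */
}

int main(void)
{
    char dir[1024];                 /* constructed sample values below */

    if (expand_rootdir("/jail/$", "/A/testuser", "test", dir, sizeof dir) != 0)
        return 1;
    printf("would chroot to %s\n", dir);
    return 0;
}
```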

