Date: Mon, 26 May 1997 07:50:44 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: hackers@FreeBSD.ORG Subject: Re: Correct way to chroot for shell account users? Message-ID: <19970526075044.MU37557@uriah.heep.sax.de> In-Reply-To: <Pine.NEB.3.95.970525144745.28807A-100000@mail.cdsnet.net>; from Jaye Mathisen on May 25, 1997 14:50:55 -0700 References: <Pine.NEB.3.95.970525144745.28807A-100000@mail.cdsnet.net>
index | next in thread | previous in thread | raw e-mail
As Jaye Mathisen wrote:
> Anybody got any tips on how to write a secure shell to exec on login to
> set a users environment to the "right thing".
I once had a perl script that create the initial setup. I might still
be able to find it, but it was something like a 10-liner.
#!/usr/bin/suidperl
$ENV{'PATH'} = "/bin:/usr/bin:/usr/local/bin";
($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = getpwuid($<);
die "You're homeless!\n" unless ( -d $dir && chdir($dir) && chroot($dir) );
$) = $(;
$> = $<;
chdir("/home/guest");
$shell = "/bin/sh";
exec $shell "-sh";
print STDERR "couldn't exec shell\n";
exit 2;
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970526075044.MU37557>