From owner-freebsd-hackers Sun May 25 22:53:09 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA00819 for hackers-outgoing; Sun, 25 May 1997 22:53:09 -0700 (PDT) Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id WAA00814 for ; Sun, 25 May 1997 22:53:06 -0700 (PDT) Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id HAA02410 for hackers@FreeBSD.ORG; Mon, 26 May 1997 07:53:04 +0200 Received: (from j@localhost) by uriah.heep.sax.de (8.8.5/8.8.5) id HAA23983; Mon, 26 May 1997 07:50:44 +0200 (MET DST) Message-ID: <19970526075044.MU37557@uriah.heep.sax.de> Date: Mon, 26 May 1997 07:50:44 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: hackers@FreeBSD.ORG Subject: Re: Correct way to chroot for shell account users? References: X-Mailer: Mutt 0.60_p2-3,5,8-9 Mime-Version: 1.0 X-Phone: +49-351-2012 669 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: ; from Jaye Mathisen on May 25, 1997 14:50:55 -0700 Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk As Jaye Mathisen wrote: > Anybody got any tips on how to write a secure shell to exec on login to > set a users environment to the "right thing". I once had a perl script that create the initial setup. I might still be able to find it, but it was something like a 10-liner. #!/usr/bin/suidperl $ENV{'PATH'} = "/bin:/usr/bin:/usr/local/bin"; ($name,$passwd,$uid,$gid,$quota,$comment,$gcos,$dir,$shell) = getpwuid($<); die "You're homeless!\n" unless ( -d $dir && chdir($dir) && chroot($dir) ); $) = $(; $> = $<; chdir("/home/guest"); $shell = "/bin/sh"; exec $shell "-sh"; print STDERR "couldn't exec shell\n"; exit 2; -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)