Date: Sat, 10 Feb 1996 20:19:25 -0700 From: kelly@fsl.noaa.gov (Sean Kelly) To: yankee@anna.az.com Cc: freebsd-security@freebsd.org Subject: Re: Need help building jails (fwd) Message-ID: <9602110319.AA22583@emu.fsl.noaa.gov> In-Reply-To: <Pine.BSF.3.91.960210104236.28801C-100000@anna.az.com> (yankee@anna.az.com)
index | next in thread | previous in thread | raw e-mail
>>>>> "Yankee" == az com <yankee@anna.az.com> writes:
Yankee> Haven't been able to get chroot to work, any ideas?
Although anyone can run /usr/sbin/chroot, the chroot() system call
(type ``man 2 chroot'') says
This call is restricted to the super-user.
so you need to be root to make effective use of /usr/sbin/chroot.
So, you probably want a special version of /usr/bin/login that checks
a database (perhaps by extending /etc/passwd or /etc/login.access, but
maybe a new database to stay compatible) which performs the chroot if
a certain field is set. It can do this while it's running as root,
before it sets the user ID to the logged-in user.
The source code to /usr/bin/login is on the FreeBSD CD-ROM and FTP
sites, so hack away.
--
Sean Kelly
NOAA Forecast Systems Laboratory, Boulder Colorado USA
If there's ever an amusement park called Bag World, I bet it would really start
to annoy you after a while how they really sort of stretch the definition of
"bag." -- Deep Thoughts, by Jack Handey
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9602110319.AA22583>