From owner-freebsd-questions Sun Jan 7 6: 1:29 2001 Delivered-To: freebsd-questions@freebsd.org Received: from hawk-systems.com (unknown [161.58.152.235]) by hub.freebsd.org (Postfix) with ESMTP id ED55437B402 for ; Sun, 7 Jan 2001 06:01:11 -0800 (PST) Received: from server0 (cr901664-a.pr1.on.wave.home.com [24.112.146.66]) by hawk-systems.com (8.8.8) id GAA51625 for ; Sun, 7 Jan 2001 06:59:36 -0700 (MST) From: "Dave VanAuken" To: Subject: chroot - installs and user segregation Date: Sun, 7 Jan 2001 09:07:42 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal In-Reply-To: <939pkn$c49$1@kemoauc.mips.inka.de> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG have looked at the documentation, this is more general questions along these lines. Assume the following: copy package or tar file into /test directory and set ownership to user1 chroot a user1 shell to /test do a make install on the package... we would have to hardlink bin directories and copy conf files into the /temp to allow functionality of the chrooted environment QUESTION 1: Any starter suggestions on what directories we would need access to and either hardlink or provide copies of? The goal being to run the package without modifying the underlying root system. initial thoughts are /bin, /dev, /etc/skel, /usr Next... I am sure I have seen an example of this but have been unable to track it down. QUESTION 2a: What is the entry to be made if, on user login/authentication, we wish to chroot them to a directory immediately upon login to segregate them from the rest of the system. QUESTION 2b: How secure is this as a trap location assuming the user group is unprivileged. There was some discussion of this in the honey pot thread, have not been able to locate a compilation or digest of the posts regarding that. Appreciate the snippets, urls, RTFM's and responses. Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message