Date: Wed, 8 May 2002 16:08:21 -0600 From: "Dalin S. Owen" <dowen@pstis.com> To: Anthony Schneider <aschneid@mail.slc.edu> Cc: security@freebsd.org Subject: Re: Accounts with Restricted privileges Message-ID: <200205081608.21273.dowen@pstis.com> In-Reply-To: <20020508171717.A37592@mail.slc.edu> References: <200205081443.51457.dowen@pstis.com> <20020508171717.A37592@mail.slc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 8, 2002 03:17 pm, you wrote: Nope. rbash disables "cd", remember? :) I need to be able to browse=20 subdirectories. > if you don't have any luck finding a shell with chrootability, you coul= d > easily write a simple setuid wrapper to chroot() and then execute rbash= , > where rbash is located within the chrooted file hierarchy. > -Anthony. > > On Wed, May 08, 2002 at 02:43:51PM -0600, Dalin S. Owen wrote: > > On May 8, 2002 10:31 am, Justin King wrote: > > > > Actually.. I am looking for the almost same answer... what about a > > chroot-ed shell? ie. they can "cd" forwards but not back beyond my > > designated "/"... and I quote (from bash's manpage): > > > > "When a command that is found to be a shell script is exe- > > cuted (see COMMAND EXECUTION above), rbash turns off any > > restrictions in the shell spawned to execute the script." > > > > I don't want that. I want all other processes to be chrooted too. B= y > > now some of you are thinking "jail"... A jail won't cut it, because y= ou > > can't use quotas in a jail. > > > > Does anyone know to do this with bash, or any other shell? I recall > > someone talking about a shell that could do all of the above. > > > > Thanks!:) > > > > FreeBSD Rox, BTW! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200205081608.21273.dowen>