From: "Dalin S. Owen"
Reply-To: dowen@pstis.com
Organization: Nexus XI Corp.
To: Anthony Schneider
Cc: security@freebsd.org
Subject: Re: Accounts with Restricted privileges
Date: Wed, 8 May 2002 16:08:21 -0600
Message-Id: <200205081608.21273.dowen@pstis.com>

On May 8, 2002 03:17 pm, you wrote:

Nope.  rbash disables "cd", remember? :)  I need to be able to browse
subdirectories.

> if you don't have any luck finding a shell with chrootability, you could
> easily write a simple setuid wrapper to chroot() and then execute rbash,
> where rbash is located within the chrooted file hierarchy.
> -Anthony.
>
> On Wed, May 08, 2002 at 02:43:51PM -0600, Dalin S. Owen wrote:
> > On May 8, 2002 10:31 am, Justin King wrote:
> >
> > Actually.. I am looking for the almost same answer... what about a
> > chroot-ed shell?  ie. they can "cd" forwards but not back beyond my
> > designated "/"... and I quote (from bash's manpage):
> >
> > "When a command that is found to be a shell script is executed
> > (see COMMAND EXECUTION above), rbash turns off any
> > restrictions in the shell spawned to execute the script."
> >
> > I don't want that.  I want all other processes to be chrooted too.  By
> > now some of you are thinking "jail"...  A jail won't cut it, because you
> > can't use quotas in a jail.
> >
> > Does anyone know to do this with bash, or any other shell?  I recall
> > someone talking about a shell that could do all of the above.
> >
> > Thanks!:)
> >
> > FreeBSD Rox, BTW!
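
An added example, not code from this thread: a setuid-root wrapper in C of the kind suggested in the quoted reply, which changes into the jail, calls chroot(), drops root permanently, and only then executes the shell, so every child process stays confined. The jail path /home/jail, the shell path /bin/sh inside it, and the helper names jail_root_ok and enter_jail are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1   /* exposes chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define JAIL_ROOT  "/home/jail"  /* assumption: placeholder jail directory */
#define JAIL_SHELL "/bin/sh"     /* assumption: shell path as seen inside the jail */

/* The jail root must be a root-owned directory that group/other cannot write;
 * otherwise the confined user could replace files the wrapper relies on. */
int jail_root_ok(const struct stat *st)
{
    return S_ISDIR(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Returns 0 once the process is confined to `root` and runs as uid/gid. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    struct stat st;

    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }  /* root can leave a chroot */
    if (chdir(root) != 0 || stat(".", &st) != 0) return -1;   /* check the dir we are in */
    if (!jail_root_ok(&st)) { errno = EPERM; return -1; }
    if (chroot(".") != 0 || chdir("/") != 0) return -1;       /* cwd must end up inside */
    /* Drop supplementary groups, then gid, then uid: the order matters. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; }         /* regaining root must fail */
    return 0;
}

int main(void)
{
    char *const argv[] = { "sh", NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };      /* caller's environment is discarded */

    if (enter_jail(JAIL_ROOT, getuid(), getgid()) != 0) {
        perror("enter_jail");
        return 1;
    }
    execve(JAIL_SHELL, argv, envp);
    perror("execve");
    return 1;
}
```

The jail has to contain the shell and every library and binary it needs, since nothing outside the new root is reachable after chroot().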