From owner-freebsd-isp Tue Oct 13 09:18:29 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id JAA11170
    for freebsd-isp-outgoing; Tue, 13 Oct 1998 09:18:29 -0700 (PDT)
    (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from pau-amma.whistle.com (s205m64.whistle.com [207.76.205.64])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA11161
    for ; Tue, 13 Oct 1998 09:18:28 -0700 (PDT)
    (envelope-from dhw@whistle.com)
Received: (from dhw@localhost)
    by pau-amma.whistle.com (8.8.8/8.8.7) id JAA20364;
    Tue, 13 Oct 1998 09:18:00 -0700 (PDT)
    (envelope-from dhw)
Date: Tue, 13 Oct 1998 09:18:00 -0700 (PDT)
From: David Wolfskill
Message-Id: <199810131618.JAA20364@pau-amma.whistle.com>
To: freebsd-isp@FreeBSD.ORG, rezidew@kemicol.rezidew.net
Subject: Re: CHROOT'd environments
In-Reply-To: <199810130418.XAA06571@kemicol.rezidew.net>
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Date: Mon, 12 Oct 1998 23:18:03 -0500 (CDT)
>From: Graphic Rezidew

>The problem that I am running into is that it appears that only root can run
>chroot. If there is a shell that allows chroot'd logins please let me know

The chroot() system call may only be invoked by a process with effective
uid of 0 (root). Thus, any such shell would either need to be invoked by
root or would need to be setuid root.

The former would not seem to be a useful exercise.

The latter, though tricky, may be doable; you would need to write your
own program which would set up the chroot'ed environment, perform the
chroot, and then relinquish root privileges irrevocably. It would
probably also exec a more common shell just before giving the user
control.

You would need to be certain that the program will handle various
conditions, some of which may well be pathological, in a known and
acceptable manner.

Good luck,
david
--
David Wolfskill         UNIX System Administrator
dhw@whistle.com         voice: (650) 577-7158   pager: (650) 371-4621
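
The sequence the reply above describes (set up the jail, chroot, give up root for good, then exec an ordinary shell), as an added example that is not code from the original message or from FreeBSD. Assumptions: the binary is installed setuid root, JAIL_DIR is a hypothetical pre-populated jail containing /bin/sh, and the function names and the directory ownership check are illustrative choices.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1         /* chroot()/setgroups() prototypes on glibc */
#endif
#include <grp.h>
#include <sys/stat.h>
#include <unistd.h>

#define JAIL_DIR "/var/jail"      /* hypothetical path, populated beforehand */

/* 1 if dir is absolute, a real directory (not a symlink), root-owned and
 * not group/world-writable; otherwise 0. */
int jail_dir_ok(const char *dir)
{
    struct stat st;
    if (dir == NULL || dir[0] != '/' || lstat(dir, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == 0 &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Enter the jail; the working directory must end up inside the new root. */
int enter_jail(const char *dir)
{
    if (!jail_dir_ok(dir))
        return -1;
    return (chdir(dir) == 0 && chroot(".") == 0 && chdir("/") == 0) ? 0 : -1;
}

/* Drop to uid/gid: groups first, then gid, then uid; confirm no way back. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                          /* never "drop" to root */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)  /* both must fail from now on */
        return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

int main(void)
{
    char *argv[] = { "sh", NULL };
    char *envp[] = { "PATH=/bin:/usr/bin", NULL };  /* fixed environment */
    /* Installed setuid root: real uid/gid are still the invoking user's. */
    if (enter_jail(JAIL_DIR) != 0 || drop_privileges(getuid(), getgid()) != 0)
        return 1;
    execve("/bin/sh", argv, envp);          /* resolved inside the jail */
    return 1;                               /* reached only if exec failed */
}
```

The order matters: setuid() must come last, because once the uid is no longer 0 the setgroups() and setgid() calls would be refused.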