Date: Tue, 13 Oct 1998 11:20:56 -0700 (PDT) From: Julian Elischer <julian@whistle.com> To: Graphic Rezidew <rezidew@kemicol.rezidew.net> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: CHROOT'd environments Message-ID: <Pine.BSF.3.95.981013111517.2872G-100000@current1.whistle.com> In-Reply-To: <199810130418.XAA06571@kemicol.rezidew.net>
next in thread | previous in thread | raw e-mail | index | archive | help
yes only root can chroot you can use 'sudo' (in the ports under security) and a shell script to make any user able to do this. (as long as he can't get out of the shell script) It can run a script once sudo'd that 'exec su - $USER' to get back to the user's ID once the chroot is done.. WARNING! a root user can get out of a chroot environment (and remain root) then you will discover that you cannot set it "noexec" because the users shell will need to have come from the chroot environment. On Mon, 12 Oct 1998, Graphic Rezidew wrote: > I am trying to set up 'isolated' environments for certain users on my system > I want to mount a FS (noexec,nodev,userquota) at point /FAKEROOT and then make dirs > like ; bin; sbin; etc; blah blah under it. Then I would like to have a shell > script that does something to the effect of: > #!/bin/sh > chroot /FAKEROOT /bin/sh > --EOF-- > The problem that I am running into is that it appears that only root can run > chroot. If there is a shell that allows chroot'd logins please let me know > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.981013111517.2872G-100000>