Date: Sat, 28 Jun 1997 13:18:22 +0200 (MET DST) From: Paul Dekkers <psd@worldaccess.nl> To: Zahemszky Gabor <zgabor@CoDe.hu> Cc: questions@freebsd.org Subject: Re: Restricted root Message-ID: <Pine.LNX.3.96.970628131210.1208B-100000@gromit.nev.ml.org>
next in thread | raw e-mail | index | archive | help
Hi >>>> Is it possible to create a user with a different / (root)? I want to >>>> create users that are NOT able to access the 'real' root, and get a >>>> limited account this way. >>> >>>man 2 chroot >>>man 8 chroot >>> >>>As I know, not very-very good, but it works, if they cannot compile >>>some programs, etc. >> >>But: it's for all users, and not for some users... e.g. with my account >>and the accounts of some other administrators I want to access the whole >>system. (And I don't think it's possible to use the chroot prog as >>non-root?!) > >I think, you have to write a very little C-program, and make it his login >shell. In that program, chdir to some restricted directory, chroot to >there, and exec his real shell. OK, but in that case the shell is uid root?! Or do I have to exec a '/bin/su - user'... Do I have to execute that after chroot?! Or can I just make something like: '/usr/sbin/chroot /vol1/safe /bin/su - user' ??? Isn't this a huge security risk? There is a process running root in that case... Or is it absolutly safe whith the good perms? I hope you can help me, I really need to restrict some users or they won't get access anymore ... -=- Paul.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.96.970628131210.1208B-100000>