Date: Thu, 9 May 1996 21:37:18 GMT From: James Raynard <fqueries@jraynard.demon.co.uk> To: compland@ism.com.br Cc: questions@freebsd.org Subject: Re: chroot() Message-ID: <199605092137.VAA11274@jraynard.demon.co.uk> In-Reply-To: <199605091437.LAA32150@unix1.ism.com.br> (compland@ism.com.br)
next in thread | previous in thread | raw e-mail | index | archive | help
> I created an account but I can't manage to block the user going down
> the tree from the start directory. I know I need to use chroot() but I
> do not understand how it works. I tried the man pages but no luck.
> Maybe someone can help me out ?
Thinking about how anonymous FTP servers work may help. Typically, you
arrive in a directory which you think is the root directory and you
can give commands like 'cd /pub/incoming' as though everything was
hanging off the root directory. In reality, though, it's more likely
to be something like /home/anonftp/pub/incoming. Also, you have
commands like 'ls' which magically seem to be available. In fact, it's
a program which lives in /home/anonftp/bin and your path has been set
there.
This sort of thing is certainly possible to set up using chroot, but
it's a bit tricky to get right.
When a process has been chroot'd, it can't see anything above its new
root directory. This includes not only directories and data files, but
the user's shell, executables, shared libraries that may be needed for
running dynamically-linked programs and perhaps some of the files from
/etc, depending on how complete an environment you want to allow.
So what you need to do is to re-create part of the directory in the
new root directory with everything that's needed. (You can't use
symbolic links as the process can't see what they're pointing
to!). Remember to set the path to wherever you put the executables.
eg
/some/where/new/root/dir---\
|
\------ bin
|
|
\------ etc
|
|
\------ tmp
and so on.
You'll also need to do think about dynamically linked executables -
ideally, you should try to avoid them. Fortunately, many of the basic
ones (the ones which live in /bin) are statically linked, so you can
allow a fairly minimal environment without using dynamically linked
ones.
If you're not sure if an executable is dynamically linked, do 'file
foobar' and it'll say
foobar: FreeBSD/i386 demand paged dynamically linked executable
if it is.
If you're intending to do this for setting up anonymous FTP, most of
the hard work has already been done for you. The ftpd man page has a
good explanation of how to set up a secure anonymous FTP site. In any
case, it might be worth having a look at the ftpd code for hints - for
example, you must chdir() into the new directory after chroot()'ing.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605092137.VAA11274>