Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 8 Jun 2000 03:58:01 +1200 (NZST)
From:      Andrew McNaughton <andrew@scoop.co.nz>
To:        Francisco Reyes <fran@reyes.somos.net>
Cc:        "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG>
Subject:   Re: Restricting user to a directory
Message-ID:  <Pine.BSF.3.96.1000608034539.15629A-100000@aurora.scoop.co.nz>
In-Reply-To: <200006070300.XAA18095@sanson.reyes.somos.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 6 Jun 2000, Francisco Reyes wrote:

> I want to make a "test" login ID for some people in a project I
> am working on.
> Basically I just want them to be able to login and only see
> their own directory.

chroot is possible, but it means you will have to put any binaries and
libraries they need into their directory structure (Can be hard links to
files elsewhere on the same device).  It can be a bit of work to set up
for ad hoc use.  It would be nice to have an install script for setting up
a basic chroot environment, which probably suggests that someone will have
done it.


> Can this be done with login.conf or loging_conf?
> I read the man page, but it should would help to find a mini
> tutorial or how to for those files.
> I couldn't not even find how to change a user's login class. :-(

root@yourhost# chpass <user>


> Would using a shell that has a restricted mode be the easiest
> way? I believe Bash has this capability.
> I didn't seem to find it in tcsh.

There is a restricted shell that comes with sendmail (smrsh), but I'm not
sure how appropriate it is.  Might not be much easier to set up than
chroot.


> This is a 3.X box so no Jail..
> 
> After searching.. I bumped into chroot, but when I try is from a
> regular ID it gives the error "operation not permited".

chroot as root and then su to the appropriate user.  You need to set up
various binaries and libraries in the chroot area first in order for it to
work.

Andrew


--
Andrew McNaughton
andrew@squiz.co.nz




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1000608034539.15629A-100000>