Date: Thu, 8 Jun 2000 03:58:01 +1200 (NZST) From: Andrew McNaughton <andrew@scoop.co.nz> To: Francisco Reyes <fran@reyes.somos.net> Cc: "freebsd-security@FreeBSD.ORG" <freebsd-security@FreeBSD.ORG> Subject: Re: Restricting user to a directory Message-ID: <Pine.BSF.3.96.1000608034539.15629A-100000@aurora.scoop.co.nz> In-Reply-To: <200006070300.XAA18095@sanson.reyes.somos.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 6 Jun 2000, Francisco Reyes wrote: > I want to make a "test" login ID for some people in a project I > am working on. > Basically I just want them to be able to login and only see > their own directory. chroot is possible, but it means you will have to put any binaries and libraries they need into their directory structure (Can be hard links to files elsewhere on the same device). It can be a bit of work to set up for ad hoc use. It would be nice to have an install script for setting up a basic chroot environment, which probably suggests that someone will have done it. > Can this be done with login.conf or loging_conf? > I read the man page, but it should would help to find a mini > tutorial or how to for those files. > I couldn't not even find how to change a user's login class. :-( root@yourhost# chpass <user> > Would using a shell that has a restricted mode be the easiest > way? I believe Bash has this capability. > I didn't seem to find it in tcsh. There is a restricted shell that comes with sendmail (smrsh), but I'm not sure how appropriate it is. Might not be much easier to set up than chroot. > This is a 3.X box so no Jail.. > > After searching.. I bumped into chroot, but when I try is from a > regular ID it gives the error "operation not permited". chroot as root and then su to the appropriate user. You need to set up various binaries and libraries in the chroot area first in order for it to work. Andrew -- Andrew McNaughton andrew@squiz.co.nz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1000608034539.15629A-100000>