Date: Sat, 22 Aug 2015 09:45:55 -0400 From: Brandon Allbery <allbery.b@gmail.com> To: Johan Hendriks <joh.hendriks@gmail.com> Cc: freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: SSH Chroot FreeBSD 10.1 and 10.2 Message-ID: <CAKFCL4V=bUiHo4Mtjw67sYRddC6fbodS3koYg5qZkExr6BueRw@mail.gmail.com> In-Reply-To: <55D879DA.1070407@gmail.com> References: <55D879DA.1070407@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Aug 22, 2015 at 9:32 AM, Johan Hendriks <joh.hendriks@gmail.com> wrote: > Last login: Sat Aug 22 17:05:52 2015 from 192.168.1.13 > Could not chdir to home directory /restricted/testuser1: No such file or > directory > Cannot read termcap database; > using dumb terminal settings. > % > From here I can do ls and so on if I copy ls, mkdir and other programs > from /rescue to /restricted/username/bin , and can not escape my home, > this is what I want but the error messages are frustrating. > You have the chroot directory both as a chroot directory and a home directory. This means that the *actual* home directory, as seen from outside the chroot, is /restricted/testuser1/restricted/testuser1. (Home directory is *inside* the chroot directory and therefore relative to it.) The termcap message should be self-explanatory; you're missing /etc/termcap inside the chroot. chroot is what it says on the tin: once set, the specified directory is "/". Every file accessed from that point on MUST be available from a tree in which the specified chroot directory is "/". This includes symlinks --- symlink resolution doesn't get to see outside the specified "/" any more than anything else running in the chroot does, so you cannot simply symlink to a file outside the chroot. (Hard links are fine, since they are actually by inode number; they just have to be on the same partition.) -- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKFCL4V=bUiHo4Mtjw67sYRddC6fbodS3koYg5qZkExr6BueRw>