[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-sun
Subject:    Re: Restricting FTP home directory (chroot
From:       "Peter C. Norton" <spacey () LENIN ! NU>
Date:       2000-07-10 16:31:29
[Download RAW message or body]

The way you'd normally chroot() someone - write a chroot'd shell.  Then make
sure that every user has a /lib, /usr/lib, /bin, /usr/bin, /sbin, /usr/sbin,
etc.

You can probably write a shell in < 100 lines that'll just chroot to ~user,
then exec the users shell.  It'd take a couple of getpw*() calls, so your
security is still suspect up to the point of the chroot().

There may be some restricted shells that accomplish this, but I've never
used them.

-Peter

On Mon, Jul 10, 2000 at 06:10:50PM +0200, TARDIEU Emmanuel wrote:
> Hello,
>
> Since we're talking about chroot, does anyone know how to chroot a user when
> he logs in, so he has his home dir as "/" ??
>
> Thanks,
> Emmanuel

--
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.

[prev in list] [next in list] [prev in thread] [next in thread]