On Wed, 27 Dec 2000, Craig Sanders wrote:
> read the docs on rbash (restricted bash shell) and set their shell to
> /bin/rbash in /etc/passwd.
Been there; done that (before posting to the list).
Works as expected; but still doesn't make a blind scrap of difference as
to whether the chroot call is implemented or not.
> it's not as useful as you might think it is, and takes a lot of work
> to actually make it usable.
You can say that again!
> imo, it's not worth the bother - if a user can't be trusted with a
> shell, then don't give them one.
I tend to agree with you here. (Problem is, I can only >>advise<<
clients on their system configuration -- not tell them what to do.
And if I can't even get it working on my own system, how am I going to
do it on theirs?)
> sure that all file permissions are correct and that there are no suid
> root exploitable holes on your system.
Totally agree; but it looks very much as if the only way to run a
script to call chroot is via suid. Not nice.
Martin Wheeler - StarTEXT - Glastonbury - BA6 9PH - England
 firstname.lastname@example.org http://www.startext.co.uk/