Re: chroot()ing a user's login
On Sun, 12 Dec 1999, William T Wilson wrote:
> Giving a user a chrooted home won't be an easy task. You need to have a
> fully functional system under there - that means the shell, libc, and all
> that jazz. Are you sure you can't do what you want to do with a
> restricted shell?
I primarily want to learn how to do it for the knowledge, and I would
indeed like to chroot a couple of daemons that don't provide any built-in
means of chrooting themselves. I did named but that was easy, it does
most of the work for me.
So far I'd created the dirs I thought I would need (dev, etc, bin, home,
var) and put what files in them I thought would be necessary... such as
passwd, group, and a shell (sash). Now I'm prompted for my password twice
and then I'm booted out.
I can tell that the chroot is actually taking place because after I give
the first password -- if I check /proc/pid#/root for that login process,
it does list all the files I expect to see in that user's home dir. But I
can't seem to get past the second password prompt.
Restricted shell is ok but too easy to get out of, just run a different
shell and bam, you're "free." ;P
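An added example, not part of the original message: a POSIX shell check that reads the jail's own etc/passwd and reports which of the pieces discussed above (passwd, group, the user's shell and its libraries, the home directory) a login would not find inside the tree. The function name check_jail and the user names in any sample call are assumptions made for this illustration.

```sh
#!/bin/sh
# check_jail JAIL USER: list what a login for USER would find missing inside
# the chroot tree JAIL. Prints one finding per line; returns 0 if none.
check_jail() {
    jail=$1 user=$2 missing=0
    note() { echo "$1"; missing=$((missing + 1)); }

    for f in etc/passwd etc/group; do
        [ -f "$jail/$f" ] || note "missing file: /$f"
    done

    # After chroot, account lookups read the jail's passwd, not the host's.
    entry=$(grep "^$user:" "$jail/etc/passwd" 2>/dev/null | head -n 1) || true
    if [ -z "$entry" ]; then
        note "no entry for $user in jail /etc/passwd"
        return 1
    fi
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)

    [ -d "$jail$home" ] || note "missing home directory: $home"
    if [ ! -x "$jail$shell" ]; then
        note "shell not executable in jail: $shell"
    elif command -v ldd >/dev/null 2>&1; then
        # A dynamically linked shell needs its libraries at the same paths
        # inside the jail; a static shell yields no lines here.
        # Run ldd only on binaries you trust: it may invoke the loader.
        for lib in $(ldd "$jail$shell" 2>/dev/null |
                     awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'); do
            [ -e "$jail$lib" ] || note "missing library: $lib"
        done
    fi
    [ "$missing" -eq 0 ]
}
```

The check covers only the files named in the thread; it does not inspect device nodes or whatever authentication configuration the login program reads.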