Re: chroot()ing a user's login
Hi Ben,
> On Sun, Dec 12, 1999 at 12:04:09PM -0500, Nagilum wrote:
> > I had read some docs which mentioned that on SysV, you can specify a * in
> > the 7th field of the passwd file (this is from memory, I may be off) and
> > that user's login will then be chroot()ed to his home directory.
> >
> > I was hoping to find a similar functionality in Debian, so I tried the *
> > in the 7th field and that didn't work. So then I grabbed the source for
> > login (shadow package) and grepped the source for chroot. In
> > libmisc/sub.c I found it, along with some commentary:
> >
> > /*
> > * subsystem - change to subsystem root
> > *
> > * A subsystem login is indicated by the presense of a "*" as
> > * the first character of the login shell. The given home
> > * directory will be used as the root of a new filesystem which
> > * the user is actually logged into.
> > */
> >
> > So, I tried changing a user's login shell to '*/bin/bash' to no avail.
> > When I attempt to login, I am asked for the username.. and then I am asked
> > for the password twice and booted out.
> >
> > I also tried replacing /bin/login with a re-compiled version from the
> > (slink) source but the same thing happened.
>
> The documentation specifies:
>
> 1) Once the user has logged in they are chrooted and asked to login via
> that password file _in the chrooted directory_.
>
> 2) The shell must be available in the chrooted env (as well as all needed
> binaries).
>
> So for this to work, you must have a complete working filesystem in each
> home directory (/home/foo/dev /home/foo/bin /home/foo/usr/bin /home/foo/etc
> ...).

I have a password entry at my system like this:

ookhoi $ grep ookhoi /etc/passwd
ookhoi:x:1000:1000:Ookhoi:/usr/remote:*/bin/bash

Under /usr/remote I have a complete and working filesystem which I use
for nfs boots.

Now I try to login:

ookhoi $ su ookhoi
Password:
Password:
No shell

The first password is the password on my system, the second password is
the password I use when I do a nfs boot, so the change root works. But
for some reason I get the "No shell". Can you help me with that please?

The password entry at the nfs boot system is:

ookhoi $ grep ookhoi /usr/remote/etc/passwd
ookhoi:x:1000:101::/home/ookhoi:/bin/bash

And this works:

expanse:~# chroot /usr/remote/ su - ookhoi
ookhoi $

Of course bash is there:

ookhoi $ /bin/bash
ookhoi $

Thanx for any pointers!

Ookhoi
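
A pre-flight check for the prerequisites named in the quoted documentation (an outer entry whose shell starts with "*", a matching entry in the passwd file inside the new root, and the inner shell and home present under that root), as an added example that is not part of the original thread or of the shadow package. The function names, return codes and the demo tree are assumptions made here, and the check does not cover shared libraries or device nodes the shell may need.

```shell
#!/bin/sh
# check_subsystem_login PASSWD_FILE USER   (hypothetical helper, not from shadow)
# Returns: 0 ok, 1 no outer entry, 2 shell lacks leading '*',
#          3 no entry in the new root's etc/passwd, 4 inner shell missing,
#          5 inner home missing.

passwd_field() {  # passwd_field FILE USER FIELDNO -> prints that field
    awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"
}

check_subsystem_login() {
    outer=$1; user=$2
    [ -n "$(passwd_field "$outer" "$user" 1)" ] || { echo "no outer entry for $user"; return 1; }
    root=$(passwd_field "$outer" "$user" 6)    # outer home = new filesystem root
    shell=$(passwd_field "$outer" "$user" 7)
    case $shell in
        \**) ;;                                # leading '*' marks a subsystem login
        *) echo "shell '$shell' does not start with '*'"; return 2 ;;
    esac
    inner="$root/etc/passwd"                   # second login uses this file
    if [ ! -r "$inner" ] || [ -z "$(passwd_field "$inner" "$user" 1)" ]; then
        echo "no entry for $user in $inner"; return 3
    fi
    ishell=$(passwd_field "$inner" "$user" 7)
    ishell=${ishell:-/bin/sh}                  # empty shell field means /bin/sh
    ihome=$(passwd_field "$inner" "$user" 6)
    # Inner paths are resolved relative to the new root. Note that a symlink
    # with an absolute target resolves differently here than after chroot().
    [ -x "$root$ishell" ] || { echo "inner shell $ishell not executable under $root"; return 4; }
    [ -d "$root$ihome" ] || { echo "inner home $ihome missing under $root"; return 5; }
    echo "ok: root=$root shell=$ishell home=$ihome"
}

make_demo_tree() {  # constructed sample: outer passwd plus a tiny fake root under $1
    mkdir -p "$1/root/etc" "$1/root/bin" "$1/root/home/ookhoi"
    printf 'ookhoi:x:1000:1000:Ookhoi:%s:*/bin/bash\n' "$1/root" > "$1/passwd"
    printf 'ookhoi:x:1000:101::/home/ookhoi:/bin/bash\n' > "$1/root/etc/passwd"
    printf '#!/bin/sh\n' > "$1/root/bin/bash"; chmod +x "$1/root/bin/bash"
}
```

On a real system the first argument would be /etc/passwd; the demo tree only mirrors the two passwd entries shown in the message above.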