
Re: chroot()ing a user's login



Hi Robert,

> > > On Sun, Dec 12, 1999 at 12:04:09PM -0500, Nagilum wrote:
> > > > I had read some docs which mentioned that on SysV, you can specify a * in
> > > > the 7th field of the passwd file (this is from memory, I may be off) and
> > > > that user's login will then be chroot()ed to his home directory.
> > > > 
> > > > I was hoping to find a similar functionality in Debian, so I tried the *
> > > > in the 7th field and that didn't work.  So then I grabbed the source for
> > > > login (shadow package) and grepped the source for chroot.  In
> > > > libmisc/sub.c I found it, along with some commentary:
> > > > 
> > > > /*
> > > >  * subsystem - change to subsystem root
> > > >  *
> > > >  *      A subsystem login is indicated by the presense of a "*" as
> > > >  *      the first character of the login shell.  The given home
> > > >  *      directory will be used as the root of a new filesystem which
> > > >  *      the user is actually logged into.
> > > >  */
> > > > 
> > > > So, I tried changing a user's login shell to '*/bin/bash' to no avail.
> > > > When I attempt to login, I am asked for the username.. and then I am asked
> > > > for the password twice and booted out.
> > > > 
> > > > I also tried replacing /bin/login with a re-compiled version from the
> > > > (slink) source but the same thing happened.
> > > 
> > > The documentation specifies:
> > > 
> > > 1) Once the user has logged in they are chrooted and asked to login via
> > > that password file _in the chrooted directory_.
> > > 
> > > 2) The shell must be available in the chrooted env (as well as all needed
> > > binaries).
> > > 
> > > So for this to work, you must have a complete working filesystem in each
> > > home directory (/home/foo/dev /home/foo/bin /home/foo/usr/bin /home/foo/etc
> > > ...).
> > 
> > I have a password entry at my system like this:
> > ookhoi $ grep ookhoi /etc/passwd
> > ookhoi:x:1000:1000:Ookhoi:/usr/remote:*/bin/bash
> > 
> > Under /usr/remote I have a complete and working filesystem which I use
> > for nfs boots. 
> > Now I try to login:
> > 
> > ookhoi $ su ookhoi
> > Password: 
> > Password: 
> > No shell
> > 
> > The first password is the password on my system, the second password is
> > the password I use when I do a nfs boot, so the change root works. But
> > for some reason I get the "No shell". Can you help me with that please?
> > 
> > The password entry at the nfs boot system is:
> > ookhoi $ grep ookhoi /usr/remote/etc/passwd
> > ookhoi:x:1000:101::/home/ookhoi:/bin/bash
> > 
> > And this works:
> > expanse:~# chroot /usr/remote/ su - ookhoi
> > ookhoi $
> > 
> > Of course bash is there:
> > ookhoi $ /bin/bash 
> > ookhoi $ 
> 
> And is it in the chrooted /etc/shells?

Thank you for your response! Yes, it is:

okhoi $ cat /usr/remote/etc/shells
# /etc/shells: valid login shells
/bin/ash
/bin/bash
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/usr/bin/zsh
/bin/sash

But if not, then a normal login wouldn't work either I think?

		Ookhoi
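
The prerequisites named in this thread (a `*` shell prefix, a passwd entry inside the new root, the shell present there and listed in the chrooted /etc/shells) can be checked before a login is attempted. The script below is an added example, not part of the original messages and not code from the shadow package; `check_subsystem` and `demo_fixture` are hypothetical names, and the fixture is constructed, with a placeholder file standing in for bash.

```shell
#!/bin/sh
# check_subsystem USER [PASSWD_FILE]: print one line per unmet prerequisite
# of a "subsystem" (chroot) login; return 0 if all are met, 1 otherwise.
check_subsystem() {
    user=$1 outer=${2:-/etc/passwd} bad=0
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$outer" 2>/dev/null)
    [ -n "$entry" ] || { echo "no entry for $user in $outer"; return 1; }
    root=$(echo "$entry" | cut -d: -f6)    # home directory = new root
    shell=$(echo "$entry" | cut -d: -f7)
    case $shell in
        \**) ;;                            # leading '*' marks a subsystem login
        *) echo "shell field '$shell' does not start with '*'"; return 1 ;;
    esac
    # After the chroot, the second login uses the passwd file inside the root.
    inner=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$root/etc/passwd" 2>/dev/null)
    [ -n "$inner" ] || { echo "no entry for $user in $root/etc/passwd"; return 1; }
    ihome=$(echo "$inner" | cut -d: -f6)
    ishell=$(echo "$inner" | cut -d: -f7)
    if [ ! -f "$root$ishell" ] || [ ! -x "$root$ishell" ]; then
        echo "missing or non-executable shell: $root$ishell"; bad=1
    fi
    grep -qxF -- "$ishell" "$root/etc/shells" 2>/dev/null ||
        { echo "$ishell not listed in $root/etc/shells"; bad=1; }
    [ -d "$root$ihome" ] || { echo "missing home directory: $root$ihome"; bad=1; }
    return $bad
}

# Constructed fixture mirroring the two passwd entries quoted in the thread.
demo_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/root/etc" "$d/root/bin" "$d/root/home/ookhoi"
    printf 'ookhoi:x:1000:1000:Ookhoi:%s:*/bin/bash\n' "$d/root" > "$d/passwd"
    printf 'ookhoi:x:1000:101::/home/ookhoi:/bin/bash\n' > "$d/root/etc/passwd"
    printf '/bin/sh\n/bin/bash\n' > "$d/root/etc/shells"
    printf '#!/bin/sh\n' > "$d/root/bin/bash"   # placeholder, not a real bash
    chmod +x "$d/root/bin/bash"
    echo "$d"
}

fx=$(demo_fixture)
check_subsystem ookhoi "$fx/passwd" && echo "prerequisites met"
rm -f "$fx/root/etc/shells"                     # break one prerequisite
check_subsystem ookhoi "$fx/passwd" || echo "prerequisites not met"
rm -rf "$fx"
```

On a real system the call is `check_subsystem ookhoi` as root, which reads /etc/passwd; a clean result only confirms these prerequisites and does not by itself explain the "No shell" message.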

