On Sun, Dec 12, 1999 at 12:04:09PM -0500, Nagilum wrote:
> I had read some docs which mentioned that on SysV, you can specify a * in
> the 7th field of the passwd file (this is from memory, I may be off) and
> that user's login will then be chroot()ed to his home directory.
>
> I was hoping to find a similar functionality in Debian, so I tried the *
> in the 7th field and that didn't work. So then I grabbed the source for
> login (shadow package) and grepped the source for chroot. In
> libmisc/sub.c I found it, along with some commentary:
>
> /*
>  * subsystem - change to subsystem root
>  *
>  * A subsystem login is indicated by the presense of a "*" as
>  * the first character of the login shell. The given home
>  * directory will be used as the root of a new filesystem which
>  * the user is actually logged into.
>  */
>
> So, I tried changing a user's login shell to '*/bin/bash' to no avail.
> When I attempt to login, I am asked for the username.. and then I am asked
> for the password twice and booted out.
>
> I also tried replacing /bin/login with a re-compiled version from the
> (slink) source but the same thing happened.

The documentation specifies:

1) Once the user has logged in they are chrooted and asked to login via
   that password file _in the chrooted directory_.
2) The shell must be available in the chrooted env (as well as all needed
   binaries).

So for this to work, you must have a complete working filesystem in each
home directory (/home/foo/dev /home/foo/bin /home/foo/usr/bin /home/foo/etc
...). This is not usually what you want for normal users (I've pondered
doing this for the auto builder, but haven't gotten around to it yet).

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` [EMAIL PROTECTED] - [EMAIL PROTECTED] - [EMAIL PROTECTED] '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'
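
Added example, not part of the original messages or of the shadow package: a shell pre-flight check for the two requirements listed in the reply above (a passwd entry inside the chrooted directory, and a shell that exists there). The function names, the user `foo` and the temporary sample tree are constructed for illustration; shared libraries and device nodes are not checked.

```shell
#!/bin/sh
# Added example: pre-flight check of a home directory used as a subsystem root.
# Usage: check_subsystem_root ROOT USER   (prints problems, returns 0 if none)

check_subsystem_root() {
    root=$1; user=$2; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Directories named in the reply as part of the per-home filesystem.
    for d in dev bin usr/bin etc; do
        [ -d "$root/$d" ] || fail "missing directory $root/$d"
    done

    # The second login prompt authenticates against ROOT/etc/passwd.
    if [ ! -r "$root/etc/passwd" ]; then
        fail "$root/etc/passwd is missing or unreadable"
        return 1
    fi
    # Field 1 is the login name, field 7 the shell; match the name exactly.
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$root/etc/passwd")
    if [ -z "$entry" ]; then
        fail "no entry for $user in $root/etc/passwd"
        return 1
    fi
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    [ -n "$shell" ] || shell=/bin/sh    # empty field 7 means /bin/sh
    case $shell in
        \**) fail "inner shell '$shell' starts with '*' (another subsystem)" ;;
        *)   [ -x "$root$shell" ] || fail "$shell is not executable under $root" ;;
    esac
    [ "$problems" -eq 0 ]
}

# Constructed sample tree (temporary directory, hypothetical user "foo");
# returns the checker's status. Pass "broken" to leave out the inner shell.
demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/dev" "$t/bin" "$t/usr/bin" "$t/etc"
    echo 'foo:x:1000:1000::/:/bin/sh' > "$t/etc/passwd"
    if [ "${1:-}" != broken ]; then
        printf '#!/bin/sh\n' > "$t/bin/sh"; chmod +x "$t/bin/sh"  # stand-in shell
    fi
    check_subsystem_root "$t" foo; rc=$?
    rm -rf "$t"
    return $rc
}

demo ok && echo "complete tree accepted"; demo broken || echo "tree without a shell rejected"
```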