rbash is the best option.
I was quite successful with it.

----- Original Message -----
From: "Gerard Samuel" <[EMAIL PROTECTED]>
To: "Brossin Pierrick" <[EMAIL PROTECTED]>
Cc: "FreeBSD Questions" <[EMAIL PROTECTED]>
Sent: Tuesday, September 24, 2002 11:21 PM
Subject: Re: Chroot


> Your first half made total sense, and I was able to lock the root user
> in /home/developer when
> chroot was executed.
> Your second half however, is not clicking with me at the moment.  Here
> is what I did....
> 1.  Under /home/developer/bin create a new file (my_sh) with this ->
> #!/bin/sh
> /home/developer/bin/sh
> chroot /home/developer/
>
> 2.  Chmod the file 555, chown root:wheel
> 3.  Enter vipw, and change the user "developer" shell to
> /home/developer/bin/my_sh
>
> With these modifications, I can ssh into the account, but I can still
> "break root" by cd'ing out of the home directory.
>
> Any advice would be greatly appreciated...
> Thanks
>
>
> Brossin Pierrick wrote:
>
> >Hi,
> >
> >|| I'm trying to figure out how to restrict users from leaving their home
> >|| directories.
> >|| I would enter the new directory /usr/home/developer and issue the
> >|| chroot command ->
> >|| hivemind# chroot /usr/home/developer
> >|| chroot: /bin/csh: No such file or directory
> >
> >It's because a chrooted directory is like the root dir of your system !
> >You have to create 'bin' 'etc' and stuff into /usr/home/developer.
> >You should also copy csh into /usr/home/developer/bin.
> >
> >Your chrooted system will be completely independent of your system.
> >This means if the user developer logs on, he won't be able to access the
> >real /etc for example.
> >
> >I hope I'm clear enough.
> >
> >www.google.com for more info .. just type in "freebsd chroot".
> >
> >|| What am I doing wrong??
> >|| Also when this is set, how do I make it persist through reboots.
> >|| Make my own script in /usr/local/etc/rc.d ???
> >|| Thanks for any insight you may provide....
> >
> >Just create a shell script and run it instead of running tcsh or sh or ...
> >run 'vipw' and change it.
> >
> >Cya
> >
> >
> >To Unsubscribe: send mail to [EMAIL PROTECTED]
> >with "unsubscribe freebsd-questions" in the body of the message
> >
> >
> >
> >
>
> --
> Gerard Samuel
> http://www.trini0.org:81/
> http://dev.trini0.org:81/

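Added example, not part of the original thread: POSIX shell functions for the step the quoted reply describes (creating `bin` under the chroot directory and copying the shell into it), extended to also copy the shared libraries that `ldd` reports. The function names are hypothetical; `/home/developer` and `/bin/sh` are the paths used in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths come from the thread.
# Assumption: ldd lists what the binary loads. On FreeBSD the runtime linker
# /libexec/ld-elf.so.1 is not listed and must be copied for dynamic binaries.

# List the absolute paths a binary needs inside a chroot tree: the binary
# itself plus every shared library path that ldd reports for it.
# A static binary (or a system without ldd) yields only the binary.
jail_needs() {
    echo "$1"
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\// && $i !~ /:$/) print $i }'
}

# Print each needed path that is absent under the jail ($1) for binary $2.
# No output means chroot will find the shell and its libraries.
jail_missing() {
    for f in $(jail_needs "$2"); do
        [ -e "$1$f" ] || echo "$f"
    done
}

# Copy the missing files in, keeping absolute paths relative to the jail,
# so /bin/sh lands at $1/bin/sh.
jail_add() {
    [ -x "$2" ] || { echo "jail_add: $2 is not executable" >&2; return 1; }
    for f in $(jail_missing "$1" "$2"); do
        mkdir -p "$1$(dirname "$f")" && cp -p "$f" "$1$f" || return 1
    done
}

# Usage, as root (chroot(8) takes the command to run as its argument):
#   jail_add /home/developer /bin/sh
#   jail_missing /home/developer /bin/sh    # prints nothing when complete
#   chroot /home/developer /bin/sh
```

A non-empty `jail_missing` listing corresponds to the "No such file or directory" error quoted in the thread: the path is resolved inside the new root, not on the host.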