On Tue, Sep 13, 2005 at 03:31:34PM -0300, Leonardo Marques wrote:
> How can I create a chrooted environment?

QUICK HACK ALERT (untested, undocumented, tty stuff ignored, ugly
ugly ugly, most probably unsecure):
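
#include <err.h>
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>

int main(void) {
	struct passwd *pwent;

	/* look up the invoking (real) user */
	if (!(pwent = getpwuid(getuid())))
		errx(1, "no passwd entry");	/* errno is not reliably set here */
	/* the user's home directory becomes the new root */
	if (chroot(pwent->pw_dir) != 0 || chdir("/") != 0)
		err(1, NULL);
	/* login(1) is resolved inside the jail; -f skips authentication */
	execl("/usr/bin/login", "login", "-f", pwent->pw_name, (char*)NULL);
	err(1, NULL);
}
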
Don't use this as is. The idea is to write a simple chroot-wrapper
like this, install setuid-root, use it as login-shell for $USER,
and set $USER's home to something like /var/jail.
/var/jail then should be a self-contained, trimmed-down filesystem
hierarchy.

Again: this is just an ugly (and probably completely retarded) quick
hack.

Ciao,
Kili