Re: Chroot Environment crazy
From: jpm (jperezme_at_jazzfree.com)
Date: 11/24/03
Date: Mon, 24 Nov 2003 10:41:44 +0100
I use this script to make the chroot environment:
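#!/bin/ksh
# Build a chroot tree for one sftp user under /webusers/<user>.
# Stop if no user name is given or the directory is missing, so that
# nothing below runs in the wrong place.
cd "/webusers/${1:?usage: $0 username}" || exit 1
mkdir bin etc lib dev
chown root:bin bin
chown root:system dev lib etc
chmod 111 bin etc lib
mkdir .ssh
chmod 700 .ssh
# /dev/null inside the jail (major/minor 2 2 as given in the original script)
mknod dev/null c 2 2
chmod 666 dev/null
# sftp-server is the only program copied into the jail
cp /usr/local/libexec/sftp-server bin
chown root:bin bin/*
chmod 111 bin/.
chmod 555 bin/..
# second copy at the same path the binary has outside the jail
mkdir usr; mkdir usr/local; mkdir usr/local/libexec
cp bin/sftp-server usr/local/libexec
chmod 711 usr/local/libexec
chmod 711 usr/local
chmod 711 usr
chown root:system dev/..
chmod 111 etc/..
chmod 111 etc/.
# libraries for sftp-server
cp /usr/lib/libc.a /usr/lib/libcrypt.a /usr/lib/libcurses.a lib
# empty, read-only .rhosts and .forward
touch .rhosts .forward
chmod 400 .rhosts .forward
# the jail root itself goes to the user
chmod 755 "../$1"
chown "$1":webusers "../$1"
cp /etc/shells "/webusers/$1/etc"
# minimal passwd and group files; the match is anchored on the name field
# so that only these entries are copied
grep -E "^(root|$1):" /etc/passwd > "/webusers/$1/etc/passwd"
grep -E "^(system|webusers):" /etc/group > "/webusers/$1/etc/group"
chmod 444 etc/*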
"Nico Kadel-Garcia" <nkadel@comcast.net> wrote in message
news:qc6dnZmOu-Lj11yiRVn-gw@comcast.com...
>
> "jpm" <jperezme@jazzfree.com> wrote in message
> news:bpqol5$r4e$1@nsnmrro2-gest.nuria.telefonica-data.net...
> > I have added these lines to session.c before compiling it. It works with
> > AIX.
> >
> > +1228 do_setusercontext(struct passwd *pw)
> > +1229 {
> > +1230
> > +1231 /* CHROOT patch start */
> > +1232
> > +1233 char *user_dir;
> > +1234 char *new_root;
> > +1235
> > +1236 user_dir = xstrdup(pw->pw_dir);
> > +1237 new_root = user_dir + 1;
> > +1238
> > +1239 while((new_root = strchr(new_root, '.')) != NULL) {
> > +1240 new_root--;
> > +1241 if(strncmp(new_root, "/./", 3) == 0) {
> > +1242 *new_root = '\0';
> > +1243 new_root += 2;
> > +1244 debug("chrooting to user directory %s", user_dir);
> > +1245 if(chroot(user_dir) != 0)
> > +1246 fatal("Couldn't chroot to user directory %s",
> user_dir);
> > +1247 pw->pw_dir = new_root;
> > +1248 if (chdir("/") < 0)
> > +1249 fatal("Couldn't cd to / after chroot to user
directory
> > %s: %s", user_dir, strerror(errno));
> > +1250 break;
> > +1251 }
> > +1252 new_root += 2;
> > +1253 fatal("Couldn't chroot%s", user_dir);
> > +1254 }
> > +1255
> > +1256 /* CHROOT patch end */
> > +1257
> > +1258 #ifndef HAVE_CYGWIN
> > +1259 if (getuid() == 0 || geteuid() == 0)
> > +1260 #endif /* HAVE_CYGWIN */
> > +1261 {
> > +1262
> >
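Review bot: the fatal("Couldn't chroot%s", user_dir) at +1253 is inside the while loop and runs whenever the first '.' found in pw_dir is not part of "/./", so a home directory with a dot anywhere before the marker aborts the session, the loop can never reach a second iteration, and the new_root += 2 at +1252 has no effect. If later dots are meant to be examined, remove that fatal(); if a dot outside "/./" really should be an error, say so in a comment and add the missing space before %s. Two smaller points: the chroot() failure message at +1245 to +1246 does not report strerror(errno) the way the chdir() message at +1249 does, and the block is placed ahead of the getuid() == 0 || geteuid() == 0 test at +1259, so chroot() is attempted before that check.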
> > User home is /home/user/./
>
> OK, that's one of the published chroot patches, I think it's the one from
> sourceforge.net. How did you build the chroot environment in the user's home
> directory?
>
>