OSEC

Subject: Re: chrooting a user
From: Matthias Saou (msASI.FR)
Date: Tue Jul 25 2000 - 09:03:55 CDT


Chrooting only for ftp isn't very hard. With wu-ftpd, just treat the
user as a guest, with proftpd just set the DefaultRoot to ~ for that
user or an entire group he is in.
You also need to disable telnet, ssh and other accesses (with a
/bin/false shell for instance) of course.
Note: The user's shell needs to be listed in /etc/shells or else he
won't be able to ftp in any more.

I hope this was what you were asking about... I'd also be interested in
knowing if it can be useful to chroot a user logged in through telnet or
ssh. To have him in some sort of mini-distribution (with only a few
tools and no access to /proc, /etc/* etc...)
Is this possible? Does someone have examples of uses it could have?

Matthias

Faber Fedor wrote:
>
> Any pointers on how to do this? Specifically, a program is going to ftp
> to my machine as "fred". fred will simply drop off some files and hang
> up. I'd like to chroot him so that he is incapable of moving into
> another directory.
>
> I assume it's a little more complicated than giving him a "shell" that
> reads "chroot /home/fred ; /bin/sh", no?
>
> Regards,
>
> Faber Fedor, RHCE, MCSE, MCT
> LinuxNJ.com - "Linux and Open Source solutions for New Jersey"

--
Accès et Solutions Internet
Matthias Saou - <msasi.fr>
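
The following is an added example, not part of the original message: a small audit of the three conditions the reply describes for an FTP-only account (non-interactive shell, shell listed in /etc/shells, a proftpd DefaultRoot that applies). The file contents, the group names `ftponly` and `staff`, and the set of shells treated as non-interactive are constructed assumptions.

```python
# Added example. Sample file contents below are constructed, not from the post.
NON_LOGIN_SHELLS = {"/bin/false", "/sbin/nologin"}  # assumption: shells treated as non-interactive

def default_roots(conf):
    """Return (directory, group_terms) for each DefaultRoot line in proftpd.conf text."""
    found = []
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "DefaultRoot":
            found.append((parts[1], parts[2].split(",") if len(parts) > 2 else []))
    return found

def expr_matches(terms, groups):
    """ProFTPD group-expression: comma means AND, leading '!' means NOT, empty means everyone."""
    return all((t[1:] not in groups) if t.startswith("!") else (t in groups) for t in terms)

def audit_ftp_only(user, passwd, shells, conf, groups):
    """Return a list of findings for an account meant to be FTP-only and chrooted."""
    entry = next((f for f in (l.split(":") for l in passwd.splitlines()) if f[0] == user), None)
    if entry is None:
        return [f"{user}: no passwd entry"]
    shell, findings = entry[6], []
    valid = {l.strip() for l in shells.splitlines() if l.strip() and not l.startswith("#")}
    if shell not in NON_LOGIN_SHELLS:
        findings.append(f"{user}: shell {shell} permits telnet/ssh logins")
    if shell not in valid:
        findings.append(f"{user}: shell {shell} not in /etc/shells, FTP login will fail")
    if not any(expr_matches(t, groups) for _, t in default_roots(conf)):
        findings.append(f"{user}: no DefaultRoot applies, FTP session is not chrooted")
    return findings

# Constructed inputs: fred is the drop-off account from the question.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nfred:x:501:501::/home/fred:/bin/false\n"
SHELLS_BEFORE = "/bin/sh\n/bin/bash\n"
SHELLS_AFTER = SHELLS_BEFORE + "/bin/false\n"
CONF = "ServerName \"drop box\"\nDefaultRoot ~ ftponly,!staff\n"

if __name__ == "__main__":
    for label, shells in (("before", SHELLS_BEFORE), ("after", SHELLS_AFTER)):
        print(label, audit_ftp_only("fred", PASSWD, shells, CONF, {"ftponly"}))
```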