chroot() command

Post by Kevin Cli » Wed, 31 Jan 1996 04:00:00




>I am trying to write a utility that when a user logs into their home directory
>it will change the root directory to their current directory. I am using the
>chroot() command. The code flow is as follows:

>    I use the getcwd command to get the current working directory and then
>pump it to the chroot command; however, it does not work. What do I need to do
>or set to get it to work? I would like to use this command to restrict access
>to a system, that I need to give access to people "telnet and ftp", but I do
>not want them poking around. I can't give them the restricted shell because of
>political reasons. I figure that I would place it in the .profile and make it
>writable only by root. What am I doing wrong? Suggestions are very much
>appreciated in advance.


>Karl Waddell

Either you don't understand the ramifications of changing the root
directory, or your users don't have much work to do on your system.

If you change a user's root directory to his home directory, he will
be unable to access any file that is not contained in his home
directory or a subdirectory thereof.  In particular, each user would
have to have a personal copy of every program he needs to run (like ls,
csh, cat, mv, rm, vi, etc.), or at least a hardlink to each program.  

More sensibly, you could set up a mini-root containing all software
needed by a class of users, and the home directories of all those
users, and then change each user's login program to a perl script that
would chroot to the mini-root and then exec a shell (if they
need shell access; if not, then exec whatever application they need to
run).  

You could set each user's umode to 077 so that each
user's files would be inaccessible to the other users.

BTW, I would be interested to know why you want to do this at all.
--
Kevin Cline
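
The mini-root login program described in the post above, as an added example in C rather than the perl script the post suggests (it is not part of the original post). It assumes the program is installed setuid-root as the user's login shell, and that the mini-root lives at the hypothetical path `/home/miniroot` and contains `/bin/sh`.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical path; fixed at build time, never taken from the user. */
#define JAIL_ROOT "/home/miniroot"

/* Confine the calling process to jail_root, then drop to uid/gid.
 * Returns 0 on success, -1 on failure with errno set. chroot(2) needs
 * privilege and changes "/" only for this process and whatever it later
 * forks or execs; the parent that started us is unaffected. */
int enter_jail(const char *jail_root, uid_t uid, gid_t gid)
{
    if (chdir(jail_root) != 0) return -1;   /* be inside before chroot */
    if (chroot(".") != 0) return -1;        /* EPERM unless privileged */
    if (chdir("/") != 0) return -1;         /* cwd must not point outside */
    if (setgroups(1, &gid) != 0) return -1; /* shed root's supplementary groups */
    if (setgid(gid) != 0) return -1;        /* group first, while still root */
    if (setuid(uid) != 0) return -1;        /* sets real, effective and saved uid */
    if (uid != 0 && setuid(0) == 0) {       /* regaining root must fail */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Assumption: setuid-root login shell, so the real uid/gid are the
     * user's and the effective uid is 0. Minimal environment only. */
    char *const shell_argv[] = { "-sh", NULL };
    char *const clean_env[] = { "PATH=/bin", "HOME=/", NULL };

    if (enter_jail(JAIL_ROOT, getuid(), getgid()) != 0) {
        perror("enter_jail");
        return 1;                           /* fail closed: no shell outside */
    }
    /* The shell replaces this already-confined process, so it and all of
     * its children see the mini-root as "/". */
    execve("/bin/sh", shell_argv, clean_env);
    perror("execve");
    return 1;
}
```

Because the confinement happens in the process that then becomes the shell, there is no `.profile` step for the user to interrupt.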

 
 
 

chroot() command

Post by Ian T Zimmerm » Wed, 31 Jan 1996 04:00:00



> I am trying to write a utility that when a user logs into their home
> directory it will change the root directory to their current
> directory. I am using the chroot() command. The code flow is as
> follows:

>    I use the getcwd command to get the current working directory and then
> pump it to the chroot command; however, it does not work. What do I
> need to do or set to get it to work? I would like to use this
> command to restrict access to a system, that I need to give access
> to people "telnet and ftp", but I do not want them poking around. I
> can't give them the restricted shell because of political reasons. I
> figure that I would place it in the .profile and make it writable
> only by root. What am I doing wrong? Suggestions are very much
> appreciated in advance.

chroot only changes the root directory _for the current process_ and
its descendants. If you call chroot in a program and then exit the
program, it's basically a no-op :-)

But even if you could change the root directory of users' login shell
(which seems to be what you had in mind) have you considered the
consequences? That would change the environment pretty radically. For
instance, that would mean all programs the users would ever need to
run would have to be under their home directories. It could be done
using symlinks, but I've the impression you underestimate the
difficulties involved...
--
Ian T Zimmerman            +-------------------------------------------+
P.O. Box 13445             I    With so many executioners available,   I
Berkeley, California 94712 I suicide is a really foolish thing to do.  I


 
 
 

chroot() command

Post by Karl Wadde » Wed, 31 Jan 1996 04:00:00


I am trying to write a utility that when a user logs into their home directory
it will change the root directory to their current directory. I am using the
chroot() command. The code flow is as follows:

        I use the getcwd command to get the current working directory and then
pump it to the chroot command; however, it does not work. What do I need to do
or set to get it to work? I would like to use this command to restrict access
to a system, that I need to give access to people "telnet and ftp", but I do
not want them poking around. I can't give them the restricted shell because of
political reasons. I figure that I would place it in the .profile and make it
writable only by root. What am I doing wrong? Suggestions are very much
appreciated in advance.


Karl Waddell

 
 
 

chroot() command

Post by Matt DiM » Fri, 02 Feb 1996 04:00:00


[copy of posting sent to author of original]
[followups set]


>    I use the getcwd command to get the current working directory and then
>pump it to the chroot command; however, it does not work. What do I need to do
>or set to get it to work? I would like to use this command to restrict access
>to a system, that I need to give access to people "telnet and ftp", but I do
>not want them poking around. I can't give them the restricted shell because of
>political reasons. I figure that I would place it in the .profile and make it
>writable only by root. What am I doing wrong?

Everything.
1) chroot only affects the current process and its children.  If you run
   a program in the .profile that does a chroot, that / directory will only
   affect that program - not too useful.  If you wanted to do it, you'd have
   to get the shell to execute it directly as a builtin.  Which means rewriting
   the shell.
2) Relying on a program run from a user's .profile for security is not
   effective.  The user can, in general, control-c or otherwise abort the
   .profile reading before it ever gets to your Magical Security Command.
3) Even if you got the chroot to work, you'd have to copy or link telnet and
   ftp clients into every user's home directory, not to mention rm, ls, grep,
   ... everything.

In short, if you want a restricted shell, use the restricted shell.  With
all due respect, you don't appear to know enough to write one yourself.  I
wouldn't be able to do it either.

 
 
 

chroot() command

Post by Patrick Horg » Tue, 06 Feb 1996 04:00:00


Just a side note, if you don't use a restricted shell it's fairly easy to break out
of a chrooted environment.  It's still good to keep the honest people away from
temptation...Can't you just trust your users?  (Obviously the answer is no if your
users are college or high school students like the guys I used to hang out with.)
At most companies I've been at, we made the decision as a matter of policy to trust
internal users, and if that trust was violated it became a matter for management
to deal with, just as if any other type of policy was violated...(you DO have a
written policy, right?)

--
Patrick J. Horgan         Broadvision Inc.

Phone : (415)943-3677     Los Altos, CA 94022-1404   will ride.
FAX   : (415)934-3701  Opinions mine, not my employers except by coincidence.

 
 
 

chroot() command

Post by Vic Metcal » Wed, 07 Feb 1996 04:00:00


: Just a side note, if you don't use a restricted shell it's fairly easy to break out
: of a chrooted environment.  It's still good to keep the honest people away from

At my company, we use a chrooted environment for dial-up access to our linux
system so that we can provide updates by modem for those without internet
access.  We also keep our source code on the server so that we can maintain
it with CVS.

It is important to us that the dialup accounts be fairly secure.  The passwd
file contains only entries for chrooted accounts, and the only binaries
available are bash, ls and sz from what I remember.  Nothing in the chrooted
environment is suid-root.

I know that just attaching a modem, and running a getty on it increases the
security risk for the system, but I would be very interested to find out
what possible security leaks exist in a chrooted environment.

Since this thread has turned to security issues, I have added
comp.security.unix to the cross-thread.  I hope nobody minds.

Regards,
  Vic.

 
 
 

1. ***CHROOT*** command for SCO/UNIX V386 3.2v4.2

This is a question for anyone who knows how to use the chroot command in sco/unix
or where I can find any documentation on how to use the chroot command.

Our programmer accidentally turned off the power strip that our sco/unix is attached
to and the server crashed and corrupted the data base, root filesystem and
filesystems. We rebuilt the sco/unix root filesystem and sco openserver V  v386
filesystem. We then restored  the root, /unix and /u filesystems to the hard disk
full OS backup this looked good and tasted great for about one day then the server
started to give error messages and finally stopped running. Our problem is we used
the tar command with absolute paths / for the tape backups I have been told that if
we had used tar with relative paths ./ that we could have restored over the root
filesystem and kernel. I was told that the way that this can be done is with the
"CHROOT" command but I can't find any documentation on the chroot command.

Any help or pointers would be greatly appreciated. e-mail me with any help.
Thanks:
Phil Atkinson
