How can i use chroot


Post by Danny Larouc » Thu, 22 Jun 1995 04:00:00



Can somebody out there help me with using chroot on a non-su
account connection (in .profile, I guess)?

I need this for security, to make the current directory become
the root (/) directory. I made file links for some utilities like
ls, cat, ... in this new root. I inserted my chroot call in
my .profile. But it gives me a privilege error, because this
command needs su status.

Any ideas?

If I use rsh, the user cannot change directory, but he can
perform operations on these...

Danny Larouche

--
             ./\.

          \        /   ABS International, Montreal, Quebec, Canada
           >______<    FAX/Data: 514.937.7451
              /

 
 
 


Post by Out of his min » Sat, 24 Jun 1995 04:00:00



> Is somebody out there can help me on using chroot on a non-su
> account connexion (in .profile i guess).
> my .profile. But it give me a privilege error, cause this
> command need su status.

chroot(2) (the system call) is restricted to superuser only. This is because
the ability to change root directory may give people unauthorized access;
in anonymous FTP, for example, chroot() is used to make the / directory
point to the anonymous FTP area.

If you want a possibility, try this (but realize that like this there is
no way to change back to the original directory, and that now all /bin
commands must be *under* the ROOTDIR):

/**** chrdir.c ****/

#define ROOTDIR "/home/restricted/whoever"
/* ROOTDIR is where you want / for the user to be */

#include <unistd.h>
#include <stdio.h>

int main(void) {
  if (chroot(ROOTDIR)) {
    perror("chrdir");
    return 50;
  }
  return 0;
}

/******************/

Compile this and install it somewhere preferably only accessible by the
user in question. Change the owner to root and change file mode to 04711.
It will return 50 in the status code if the chroot was unsuccessful; 0
if it was successful.

-----

== Have you done your reality check today? == Hey Kids...what time is it?? ==
== LAISSEZ-FAIRE - No Internet Censorship! == (It's Pol-i-ti-cian Time!!!) ==
== Go Woody! Now I wonder how the Shuttles stand up to those meteorites... ==
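
Added example, not part of the original posts and not the poster's code: chroot(2) changes the root only for the calling process and its children, so a setuid wrapper meant to confine a login session has to enter the jail, drop root, and then start the shell itself. It assumes a /bin/sh has been installed under ROOTDIR; enter_jail, JAIL_SHELL and the numeric step codes are names made up for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() in glibc under strict -std= */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define ROOTDIR    "/home/restricted/whoever"  /* jail path used in the post */
#define JAIL_SHELL "/bin/sh"                   /* assumption: exists under ROOTDIR */

/* Enter the jail and give up root for good. Returns 0 on success, otherwise
 * the number of the step that failed (hypothetical codes for this example).
 * uid/gid are the IDs of the invoking user. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0)         return 1;  /* a root process is not confined by chroot */
    if (chdir(root) != 0) return 2;  /* be inside the jail before chroot */
    if (chroot(".") != 0) return 3;  /* needs effective uid 0 (the setuid bit) */
    if (chdir("/") != 0)  return 4;  /* working directory now relative to new / */
    if (setgid(gid) != 0) return 5;  /* group first, while still privileged */
    if (setuid(uid) != 0) return 6;  /* real, effective and saved uid all dropped */
    if (setuid(0) == 0)   return 7;  /* root must not be regainable */
    return 0;
}

int main(void)
{
    int rc = enter_jail(ROOTDIR, getuid(), getgid());
    if (rc != 0) {
        fprintf(stderr, "chrdir: step %d failed\n", rc);
        return 50;                   /* same failure status the post uses */
    }
    /* Fixed program path and a minimal environment: nothing inherited from
     * the caller decides what runs. /bin here means ROOTDIR/bin. */
    char *const argv[] = { "sh", NULL };
    char *const envp[] = { "PATH=/bin", "HOME=/", NULL };
    execve(JAIL_SHELL, argv, envp);
    perror("chrdir: execve");        /* reached only if the shell is missing */
    return 50;
}
```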

 
 
 


Post by Casper H.S. D » Sun, 25 Jun 1995 04:00:00



>If i use rsh, the user cannot change directory, but he can
>make operation on these...

No, he shouldn't be able to do so.  But remember that a good rsh environment
also uses a restricted set of commands.  Putting /bin or /usr/bin in the PATH
of a restricted shell account negates the restrictedness of the shell.

Casper
--
Casper Dik - Network Security Engineer - Sun Microsystems
This article is posted from my guest account at the University

Opinions expressed here are mine (but you're welcome to share them with me)

 
 
 

1. chroot+Apache: possible to place logfiles outside chroot cell?

Hi there,

I was wondering whether there is a way to place the apache logfiles
outside of a chroot cell, so that they aren't accessible to some creative
soul, who gained access to the chroot cell. (running Linux 2.2.6)

The ErrorLog directive already has the facility to pass the errors to
syslogd (which can bind to several /dev/log so that it can pick up messages
in the chroot cell and place them in /var/log/messages), but what about
the other log files?

Any ideas?

thanx

Dorothea
