On Sat, 2002-07-06 at 02:44, Cameron Simpson wrote:
> On 02:12 06 Jul 2002, Jay Daniels <[EMAIL PROTECTED]> wrote:
> | I am also interested in this topic. According to the man page chroot
> | would work something like this as user's shell but I can't get it to work
> | even though I copied /bin/bash to /home/login/bin
> |
> | chroot /home/login /home/login/bin/bash -i
> |
> | Is there a chroot shell you could assign users or simpler way to put
> | them in a jail? What is wrong with the above line?
>
> Well, the command name should probably be _post_ chroot i.e. /bin/bash,
> not /home/login/bin/bash (remember - the chroot will be calling execve()
> _after_ chroot()ing).
>
> Also, one of the many pleasures of chroot jails is that you need to put
> all the needed shared libraries in the chroot jail so dynamically linked
> programs can find them. "ldd /bin/bash" on my system says:
>
>   [~]amadeus*> ldd /bin/bash
>           libtermcap.so.2 => /lib/libtermcap.so.2 (0x40032000)
>           libdl.so.2 => /lib/libdl.so.2 (0x40036000)
>           libc.so.6 => /lib/libc.so.6 (0x4003a000)
>           /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
>
> so you also need a fake /lib in the jail with hardlinked (or copied)
> instances of these library files. And so on.
> --
> Cameron Simpson, DoD#743 [EMAIL PROTECTED] http://www.zip.com.au/~cs/

Perhaps restricting users from using ports would be better. How do you
do this without using chroot and copying all those programs and libs?

I would like to restrict certain group users from using telnet,
portscanners, etc. "chgrp mygroup telnet" does not seem right? What if
they compile a portscanner in their home dir, how do you stop users in a
certain group from using ports?

jay

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
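
The two points in the quoted reply (the command path is resolved inside the jail, and every library `ldd` lists must exist there) can be scripted. The following is an added example, not code from anyone in this thread; the function names `ldd_paths` and `populate_jail` are assumptions made for illustration, and the jail path in the usage comment is the one from the question.

```shell
#!/bin/sh
# Added example: copy a binary and the shared libraries ldd reports for it
# into a chroot jail, preserving absolute paths under the jail root.

# Read `ldd` output on stdin and print one absolute library path per line.
# Handles "name => /path (addr)" and "/path (addr)" lines; entries with no
# file on disk (linux-vdso, linux-gate, "not found") are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | sort -u
}

# populate_jail JAIL BINARY
# Copies BINARY and each of its libraries to the same path below JAIL.
# cp -L dereferences symlinks so the jail holds real files, not links
# pointing outside it. Paths containing whitespace are not supported.
populate_jail() {
    jail=$1
    bin=$2
    for f in "$bin" $(ldd "$bin" | ldd_paths); do
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -L "$f" "$jail$f" || return 1
    done
}

# Usage (as root), with the jail directory from the question:
#   populate_jail /home/login /bin/bash
#   chroot /home/login /bin/bash -i    # /bin/bash is looked up inside the jail
```
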