Re: Chroot users into their own home folders
From: Jesse S. <jm...@ri...> - 2007-07-02 20:39:39
I think I'm going to try something like this. I'm trying to create a shell script that will automate the process described in a tutorial like that one. Since I'm working on an Ubuntu box, I found a slightly modified tutorial that seems more accurate for this distro:

http://ubuntuforums.org/showthread.php?t=128206

My script so far looks like this:

#!/bin/bash
# create a personalized home jail in 8 easy steps!

# 1) get the username
if [ -n "$1" ] ; then
    echo "Creating chroot home for $1!"

    # 2) add line to rssh config based on username
    echo "user=\"$1:077:00010:/home/$1\"" >> ~/Desktop/rssh.conf

    # 3) Run mkchroot script - Must be run as sudo
    mkchroot.sh /home/"$1" "$1"

    # 4) move appropriate files into the jail - Also needs to be run as sudo
    cp /lib/ld-linux.so.2 "/home/$1/lib/"
    cp /lib/libnss_compat.so.2 "/home/$1/lib/"

    # 5) Run adduser $user, with shell /usr/bin/rssh - run as sudo
    adduser "$1" --shell /usr/bin/rssh

    # 6) Add entry to chroot passwd file
    echo "$1:x:1001:1001:Chroot user,,,:/:/usr/bin/rssh" >> "/home/$1/etc/passwd"

    # 7) link chroot sftp-server to global one - run as sudo
    sudo ln "/home/$1/usr/lib/openssh/sftp-server" "/home/$1/usr/lib/"

    # 8) Add the all important null device - run as sudo
    #    (the jail root is /home/$1, as in the steps above)
    mknod -m 666 "/home/$1/dev/null" c 1 3
else
    echo "Usage: $0 username"
fi

Obviously, it needs some work. But does this seem feasible?

Thanks again,
Jesse

P.S. I'm not too worried about logging these users using syslog. This makes things easier in that I don't have to worry about how many users can log in at once as syslog only allows 20 sockets.

On 7/2/07, Gary Lundquest <gar...@au...> wrote:
> I did something similar a couple of years ago, but I just allowed SFTP and
> no shell. I found the following link helpful. I basically had to figure
> out what files were needed to run a mini-shell, and copy a complete set of
> files for each user. Putting the copy commands into a shell script made the
> 2nd user a bit quicker to set up.
>
> http://gentoo-wiki.com/HOWTO_SFTP_Server_%28chrooted%2C_without_shell%29
>
> Hope this helps.
>
> -Gary
>
>
> ----- Original Message -----
> From: "Jesse Spielman" <jm...@ri...>
> To: <rss...@li...>
> Sent: Monday, July 02, 2007 1:48 PM
> Subject: Chroot users into their own home folders
>
>
> > Hello Everyone.
> >
> > This is my first post, and I'd like to apologize if this issue has
> > been discussed before, but despite hours of my best googling I've been
> > unable to find it.
> >
> > I'm trying to create a chroot jail for each user...most tutorials out
> > there seem to be focused on blocking users from seeing the underlying
> > OS, and this is great, but most of these tutorials build a chroot jail
> > where all the chrooted users can still see each other's files.
> >
> > Is it possible using rssh or any other tool to lock each user in their
> > own home folder where the root directory is their own home folder when
> > logged in?
> >
> > Any help or pointers would be greatly appreciated.
> >
> > Thanks again, and have a great day!
> > Jesse
> >
> > --
> > Activate interlock! Dynotherms connected! Infracells up! Mega
> > thrusters are go! LET'S GO VOLTRON FORCE!
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > rssh-discuss mailing list
> > rss...@li...
> > https://lists.sourceforge.net/lists/listinfo/rssh-discuss
>

--
Activate interlock! Dynotherms connected! Infracells up! Mega
thrusters are go! LET'S GO VOLTRON FORCE!
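
Added example, not part of the original messages: the script in the message puts $1 straight into root-owned paths and config lines and fixes the uid/gid at 1001, so these shell functions validate the username first, build the rssh.conf and jail passwd entries from the real uid/gid, and refuse a duplicate entry. The function names are hypothetical; the two line formats are the ones used in the script above.

```shell
#!/bin/bash
# Added example; function names are hypothetical. Line formats follow the
# script in the message: user="NAME:077:00010:/home/NAME" and the jail passwd line.
LC_ALL=C; export LC_ALL   # make the a-z ranges below mean ASCII only

# Allow only [a-z_][a-z0-9_-]*, max 32 chars. Rejecting '/', '.', ':', quotes,
# spaces and newlines keeps the name from escaping /home/ or injecting extra
# fields or lines into rssh.conf and the jail's etc/passwd.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print the rssh.conf entry (umask and access bits as in the message).
rssh_user_line() {
    valid_username "$1" || return 1
    printf 'user="%s:077:00010:/home/%s"\n' "$1" "$1"
}

# Print the jail passwd line from the account's real uid/gid (e.g. from
# `id -u NAME` / `id -g NAME`) rather than a fixed 1001.
jail_passwd_line() {
    valid_username "$1" && is_uint "$2" && is_uint "$3" || return 1
    printf '%s:x:%s:%s:Chroot user,,,:/:/usr/bin/rssh\n' "$1" "$2" "$3"
}

# Append the entry to CONF unless NAME already has one; returns 2 on duplicate.
add_rssh_user() {   # usage: add_rssh_user CONF NAME
    entry=$(rssh_user_line "$2") || return 1
    if [ -f "$1" ] && grep -q "^user=\"\{0,1\}$2:" "$1"; then
        return 2
    fi
    printf '%s\n' "$entry" >> "$1"
}

# Constructed sample values, printed when the file is run directly.
rssh_user_line alice
jail_passwd_line alice 1004 1004
rssh_user_line '../etc' || echo "rejected: ../etc"
```
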