| 1 | .TH chrootsh 8 "20 April 1999" "Local tools" |
| 2 | .SH NAME |
| 3 | chrootsh \- logs a user into a safe chrooted environment |
| 4 | .SH SYNOPSIS |
| 5 | .B chrootsh |
| 6 | .SH USAGE |
| 7 | Set a user's shell to the |
| 8 | .B chrootsh |
| 9 | program's path. |
| 10 | .PP |
| 11 | When run, |
| 12 | .B chrootsh |
| 13 | ensures that the current user has his or her shell set to be |
| 14 | .BR chrootsh . |
| 15 | If not, an error is raised and the program exits. |
| 16 | .PP |
| 17 | Assuming things check out OK, the user's home directory is examined. It |
| 18 | should be of the form |
| 19 | .IB gaoldir /./ homedir |
| 20 | where |
| 21 | .I gaoldir |
| 22 | is the path to the chroot gaol in which the user is to be imprisoned, |
| 23 | and |
| 24 | .I homedir |
| 25 | is the path from the root of the gaol to the user's actual home |
| 26 | directory. (This is for the benefit of users outside the gaol; |
| 27 | .B chrootsh |
| 28 | uses information from the gaol's |
| 29 | .B /etc/passwd |
| 30 | file to work this out. You'd do yourself a favour to make sure the two |
| 31 | are consistent.) |
| 32 | .PP |
| 33 | Once the new root directory is set, |
| 34 | .B chrootsh |
| 35 | drops all of its privileges, and re-reads the user's information |
| 36 | (presumably from a local version of the |
| 37 | .B /etc/passwd |
| 38 | file) to find the appropriate shell and home directory. It sets |
| 39 | appropriate values in the environment, and invokes the user's shell. |
| 40 | .SH EXAMPLE |
| 41 | Suppose |
| 42 | .B /home/gaol |
| 43 | is a carefully set-up environment for users to run in, with a minimal |
| 44 | set of tools installed. To set up a user |
| 45 | .B fred |
| 46 | within the gaol, make a directory |
| 47 | .B /home/gaol/home/fred |
| 48 | for the user, setting the access permissions as required. Then add a |
| 49 | line like |
| 50 | .PP |
| 51 | .RS 5 |
| 52 | .nf |
| 53 | .ft B |
| 54 | fred:*:1042:1042:Fred:/home/gaol/./home/fred:/usr/bin/chrootsh |
| 55 | .ft R |
| 56 | .fi |
| 57 | .RE |
| 58 | .PP |
| 59 | to the main password database (wherever that is). Then, put a line |
| 60 | .PP |
| 61 | .RS 5 |
| 62 | .nf |
| 63 | .ft B |
| 64 | fred:*:1042:1042:Fred:/home/fred:/bin/sh |
| 65 | .ft R |
| 66 | .fi |
| 67 | .RE |
| 68 | .PP |
| 69 | in the gaol's password file |
| 70 | .BR /home/gaol/etc/passwd . |
| 71 | Finally, set a sensible password for |
| 72 | .B fred |
| 73 | in the main password database, and everything ought to work. |
| 74 | .SH BUGS |
| 75 | The |
| 76 | .B chrootsh |
| 77 | program must be installed |
| 78 | .RB setuid- root . |
| 79 | While the author has made a fair effort to avoid security holes, he |
| 80 | might have missed something. There's no substitute for thorough |
| 81 | auditing. If you find a security problem, please report it to the |
| 82 | author as a serious bug. |
| 83 | .SH SEE ALSO |
| 84 | .BR banned (8), |
| 85 | .BR ushell (1). |
| 86 | .SH AUTHOR |
| 87 | Mark Wooding (mdw@nsict.org) |