1 .TH chrootsh 8 "20 April 1999" "Local tools"
3 chrootsh \- logs a user into a safe chrooted environment
7 Set a user's shell to the
13 ensures that the current user has his or her shell set to be
15 If not, an error is raised and the program exits.
17 Assuming things check out OK, the user's home directory is examined. It
19 .IB gaoldir /./ homedir
22 is the path to the chroot gaol in which the user is to be imprisoned,
25 is the path from the root of the gaol to the user's actual home
26 directory. (This is for the benefit of users outside the gaol;
28 uses information from the gaol's
30 file to work this out. You'd do yourself a favour to make sure the two
33 Once the new root directory is set,
35 drops all of its privileges, and re-reads the user's information
36 (presumably from a local version of the
38 file) to find the appropriate shell and home directory. It sets
39 appropriate values in the environment, and invokes the user's shell.
43 is a carefully set-up environment for users to run in, with a minimal
44 set of tools installed. To set up a user
46 within the gaol, make a directory
47 .B /home/gaol/home/fred
48 for the user, setting the access permissions as required. Then add a
54 fred:*:1042:1042:Fred:/home/gaol/./home/fred:/usr/bin/chrootsh
59 to the main password database (wherever that is). Then, put a line
64 fred:*:1042:1042:Fred:/home/fred:/bin/sh
69 in the gaol's password file
70 .BR /home/gaol/etc/passwd .
71 Finally, set a sensible password for
73 in the main password database, and everything ought to work.
77 program must be installed
79 While the author has made a fair effort to avoid security holes, he
80 might have missed something. There's no substitute for thorough
81 auditing. If you find a security problem, please report it to the
82 author as a serious bug.
87 Mark Wooding (mdw@nsict.org)