mdw@git.distorted.org.uk Git - shells/blob - chrootsh.8

   1 .\" -*-nroff-*-
   2 .TH chrootsh 8 "20 April 1999" "Local tools"
   3 .SH NAME
   4 chrootsh \- logs a user into a safe chrooted environment
   5 .SH SYNOPSIS
   6 .B chrootsh
   7 .SH USAGE
   8 Set a user's shell to the
   9 .B chrootsh
  10 program's path.
  11 .PP
  12 When run,
  13 .B chrootsh
  14 ensures that the current user has his or her shell set to be
  15 .BR chrootsh .
  16 If not, an error is raised and the program exits.
  17 .PP
  18 Assuming things check out OK, the user's home directory is examined.  It
  19 should be of the form
  20 .IB gaoldir /./ homedir
  21 where
  22 .I gaoldir
  23 is the path to the chroot gaol in which the user is to be imprisoned,
  24 and
  25 .I homedir
  26 is the path from the root of the gaol to the user's actual home
  27 directory.  (This is for the benefit of users outside the gaol;
  28 .B chrootsh
  29 uses information from the gaol's
  30 .B /etc/passwd
  31 file to work this out.  You'd do yourself a favour to make sure the two
  32 are consistent.)
  33 .PP
  34 Once the new root directory is set,
  35 .B chrootsh
  36 drops all of its privileges, and re-reads the user's information
  37 (presumably from a local version of the
  38 .B /etc/passwd
  39 file) to find the appropriate shell and home directory.  It sets
  40 appropriate values in the environment, and invokes the user's shell.
  41 .SH EXAMPLE
  42 Suppose
  43 .B /home/gaol
  44 is a carefully set-up environment for users to run in, with a minimal
  45 set of tools installed.  To set up a user
  46 .B fred
  47 within the gaol, make a directory
  48 .B /home/gaol/home/fred
  49 for the user, setting the access permissions as required.  Then add a
  50 line like
  51 .PP
  52 .RS 5
  53 .nf
  54 .ft B
  55 fred:*:1042:1042:Fred:/home/gaol/./home/fred:/usr/bin/chrootsh
  56 .ft R
  57 .fi
  58 .RE
  59 .PP
  60 to the main password database (wherever that is).  Then, put a line
  61 .PP
  62 .RS 5
  63 .nf
  64 .ft B
  65 fred:*:1042:1042:Fred:/home/fred:/bin/sh
  66 .ft R
  67 .fi
  68 .RE
  69 .PP
  70 in the gaol's password file
  71 .BR /home/gaol/etc/passwd .
  72 Finally, set a sensible password for
  73 .B fred
  74 in the main password database, and everything ought to work.
  75 .PP
  76 The
  77 .B chrootsh
  78 program makes entries in the system log whenever a user logs in, or when
  79 something goes wrong.  Every call ought to make at least one log entry.
  80 Logging is done to the
  81 .B LOG_DAEMON
  82 facility, because the idea is that users with shells like this get used
  83 to run `daemon'-like services.
  84 .SH BUGS
  85 The
  86 .B chrootsh
  87 program must be installed
  88 .RB setuid- root .
  89 While the author has made a fair effort to avoid security holes, he
  90 might have missed something.  There's no substitute for thorough
  91 auditing.  If you find a security problem, please report it to the
  92 author as a serious bug.
  93 .SH SEE ALSO
  94 .BR banned (8),
  95 .BR ushell (1).
  96 .SH AUTHOR
  97 Mark Wooding (mdw@nsict.org)