Finally, set a sensible password for
.B fred
in the main password database, and everything ought to work.
+.PP
+The
+.B chrootsh
+program makes entries in the system log whenever a user logs in, or when
+something goes wrong. Every call ought to make at least one log entry.
+Logging is done to the
+.B LOG_DAEMON
+facility, because the idea is that users with shells like this get used
+to run `daemon'-like services.
.SH BUGS
The
.B chrootsh
/* -*-c-*-
*
- * $Id: chrootsh.c,v 1.2 1999/04/21 09:07:55 mdw Exp $
+ * $Id: chrootsh.c,v 1.3 1999/04/21 22:52:43 mdw Exp $
*
* Chroot gaol shell
*
/*----- Revision history --------------------------------------------------*
*
* $Log: chrootsh.c,v $
+ * Revision 1.3 1999/04/21 22:52:43 mdw
+ * Added a pile of syslog stuff, so that admins can see what this thing is
+ * doing.
+ *
* Revision 1.2 1999/04/21 09:07:55 mdw
* Fiddle with copyright messages so that they're correct.
*
#include <sys/types.h>
#include <unistd.h>
+#include <syslog.h>
#include <pwd.h>
extern char **environ;
{
struct passwd *pw;
uid_t me = getuid();
+ char *myname;
char **env;
char **av;
if (*q == '/')
p = q + 1;
}
+ if (*p == '-')
+ p++;
quis = p;
+ openlog(quis, LOG_PID | LOG_NDELAY, LOG_DAEMON);
}
/* --- Check the user is meant to be chrooted --- */
pw = getpwuid(me);
if (!pw) {
+ syslog(LOG_ERR, "executed by non-existant user (uid = %i)", (int)me);
fprintf(stderr, "%s: you don't exist. Go away.\n", quis);
exit(EXIT_FAILURE);
}
if (strcmp(pw->pw_shell, CHROOTSH_PATH) != 0) {
+ syslog(LOG_ERR, "executed by non-chrooted user `%s'", pw->pw_name);
fprintf(stderr, "%s: you aren't a chrooted user\n", quis);
exit(EXIT_FAILURE);
}
*q = 0;
if (chdir(p) || chroot(p)) {
+ syslog(LOG_ERR, "error entering chroot gaol: %m");
fprintf(stderr, "%s: couldn't call chroot: %s", quis, strerror(errno));
exit(EXIT_FAILURE);
}
/* --- Read the new password block --- */
{
- char *p = xstrdup(pw->pw_name);
- pw = getpwnam(p);
- free(p);
+ myname = xstrdup(pw->pw_name);
+ pw = getpwnam(myname);
if (!pw) {
+ syslog(LOG_ERR,
+ "configuration error: user `%s' not defined in gaol", myname);
fprintf(stderr, "%s: you don't exist in the gaol\n", quis);
exit(EXIT_FAILURE);
}
/* --- Run the real shell --- */
+ syslog(LOG_INFO, "chroot user `%s' logged in ok", myname);
+ closelog();
execve(pw->pw_shell, av, env);
fprintf(stderr, "%s: couldn't exec `%s': %s",
quis, pw->pw_shell, strerror(errno));