Eagle
07-05-2001, 07:47 PM
Allrighty,
Well...I've tried everything I thought could be done...but perhaps you guys have some suggestions.
I do not offer telnet on my RaQs, however, ONE customer REALLY needs it...
RaQ4 is great with FTP... They have a certain root and cannot go up dirs from there (prevents them from looking where they shouldn't...) But telnet does not offer this (by default). How do I do this?
Now...
I've tried this:
------------------------------------------------------------------------
The command you want to use is called "chroot". chroot
starts a shell and makes a subdirectory in the system
appear to be the root directory.
So, if you have a user who you want to limit to
/vhosts/somedomain, you should create a little shell script
which you can put in /usr/local/bin that looks like this:
#!/usr/sbin/chroot /vhosts/somedomain /bin/bash
Here I've assumed that you have chroot in /usr/sbin and
the shell the user wants to run is /bin/bash. Then
set that user's shell in /etc/passwd to be your shell
script.
One caveat to using chroot is that it cuts off all access
to directories not under that root (which is what you want)
but that also means that access to programs in /bin and
/usr/bin is no longer available so users will not be able
to run any of these programs. You must make new copies
of all software that user will need under the new root.
This is the traditional way to set up anonymous ftp
access as well. That's why most anon ftp sites have a
/bin directory with basic commands in them. If there
wasn't such a directory, the ftp account running in its
own root wouldn't be able to run "ls" or other such things.
------------------------------------------------------------------------
Well...Great..... But it doesn't work :(
Could anyone perhaps help me? GREATLY APPRECIATED!!
Oh btw, It's a RaQ4
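
Added example, not part of the original post or the advice quoted in it: the quoted caveat says every program the user needs must be copied under the new root, and a dynamically linked shell also needs its shared libraries there. This sketch copies a program plus the libraries ldd reports into a jail directory and lists any that are still missing; the jail_* function names are made up for illustration, and it assumes ldd is available on the host.

```shell
#!/bin/sh
# Added example: populate a chroot jail with a program and its libraries.
# The jail_* helpers are hypothetical names, not part of any RaQ tooling.

# Print absolute paths of the shared objects a binary loads (via ldd).
jail_deps() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }  # libc.so.6 => /lib/libc.so.6 (0x..)
        $1 ~ /^\//               { print $1 }  # /lib/ld-linux.so.2 (0x..)
    '
}

# Copy one file into the jail at the same path it has on the host.
# -L follows symlinks so the jail gets a real file, -p keeps the mode bits.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -pL "$2" "$1$2"
}

# Install a program plus every library it depends on.
jail_install() {
    jail=$1 prog=$2
    [ -x "$prog" ] || { echo "not executable: $prog" >&2; return 1; }
    jail_copy "$jail" "$prog" || return 1
    for lib in $(jail_deps "$prog"); do
        jail_copy "$jail" "$lib" || return 1
    done
}

# List libraries a program needs that are absent from the jail.
# Empty output means the loader can resolve everything inside the jail.
jail_missing() {
    jail=$1 prog=$2
    for lib in $(jail_deps "$prog"); do
        [ -e "$jail$lib" ] || echo "$lib"
    done
}

# Stand-alone use: ./mkjail.sh /vhosts/somedomain /bin/bash /bin/ls
if [ "$#" -ge 2 ]; then
    root=$1; shift
    for p in "$@"; do
        jail_install "$root" "$p" || exit 1
        jail_missing "$root" "$p"
    done
fi
```

Run it as root against the directory the user will be confined to; the chroot call itself also requires root privileges.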
