*BSD News Article 89883



Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mira.net.au!vic.news.telstra.net!news.telstra.net!newsfeed.internetmci.com!EU.net!uknet!usenet1.news.uk.psi.net!uknet!uknet!newsfeed.ed.ac.uk!edcogsci!richard
From: richard@cogsci.ed.ac.uk (Richard Tobin)
Subject: Re: help with chroot command
X-Nntp-Posting-Host: pitcairn
Message-ID: <E61DEI.CEx@cogsci.ed.ac.uk>
Sender: cnews@cogsci.ed.ac.uk (C News Software)
Organization: HCRC, University of Edinburgh
References: <01bc1ff8$11a7eea0$0ab98fc2@cps.nettec.net>
Date: Sun, 23 Feb 1997 03:23:05 GMT
Lines: 21
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:35930

In article <01bc1ff8$11a7eea0$0ab98fc2@cps.nettec.net> "Craig Stratton" <craig@nettec.net> writes:
>At present, if I execute this : chroot /usr/home/name then I get 'operation
>not permitted'

You can only run chroot as root, since it would be a serious security
hole otherwise (e.g. you could chroot to a directory with an etc/passwd
with no root password).

I guess the easiest way to do it is to write a setuid program that calls
chroot() with the appropriate directory hard-wired in.  Using the chroot
program (as opposed to the system call) doesn't seem to save you much
in this case.

>Do I need a copy of the shell in a local bin directory, as with ftp access?

Yes.

-- Richard
--
"Cake is a bistrubile cranabolic amphetamoid"
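
The setuid wrapper suggested in the article above, sketched in C as an added example that is not part of the original post. The function name enter_jail is hypothetical, JAIL_DIR reuses the path from the question, and a copy of the shell is assumed to exist at bin/sh inside that directory.

```c
/* Added example: setuid-root wrapper with a hard-wired chroot directory.
 * enter_jail() is a hypothetical helper; JAIL_DIR is an assumed path. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define JAIL_DIR "/usr/home/name"  /* hard-wired; never taken from argv or env */

/* Enter the jail, then permanently drop to uid/gid. Returns 0, or -1 with errno. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {    /* a process left as root can leave a chroot */
        errno = EINVAL;
        return -1;
    }
    /* Move inside first, make it the root (needs euid 0), re-anchor the cwd. */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    /* Drop privileges in this order: supplementary groups, gid, uid. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0) {          /* regaining root must be impossible now */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    char *const argv[] = { "sh", NULL };
    char *const envp[] = { "PATH=/bin", NULL };  /* do not inherit the caller's env */

    /* Real uid/gid belong to the invoking user; euid is 0 through the setuid bit. */
    if (enter_jail(JAIL_DIR, getuid(), getgid()) != 0) {
        perror("enter_jail");
        return 1;
    }
    execve("/bin/sh", argv, envp); /* resolved inside the jail, hence the local copy */
    perror("execve");
    return 1;
}
```

The binary has to be owned by root with the setuid bit set for chroot() to succeed, and the privilege drop must come after chroot() but before the exec.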