*BSD News Article 9313



Received: by minnie.vk1xwt.ampr.org with NNTP
	id AA5561 ; Fri, 01 Jan 93 01:49:08 EST
Xref: sserve comp.unix.bsd:9370 comp.unix.questions:29723
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!think.com!enterpoop.mit.edu!eru.mt.luth.se!lunic!sunic!news.funet.fi!fuug!prime!mits!karttu
From: karttu@mits.mdata.fi (Antti Karttunen)
Newsgroups: comp.unix.bsd,comp.unix.questions
Subject: WEIRD IDEA? (chroot)
Message-ID: <1992Dec26.191816.26596@prime.mdata.fi>
Date: 26 Dec 92 19:18:16 GMT
Sender: usenet@prime.mdata.fi (Usenet poster)
Organization: MITS, Helsinki, Finland
Lines: 70
Nntp-Posting-Host: mits.mdata.fi

We are thinking about building a kind of unix BBS-system,
and for one reason (don't ask me why) I would want to keep a certain class
of users segregated from the rest, and their ids in a separate
passwd-file.

We will probably be using BSD 4.3, and I have thought about using the
chroot function for these special users, in the patched login I'm
about to hack.

Now, let's assume that the root directory for these special users
is called /usr/customers. There I'll create subdirectories
bin, dev, usr, etc, 'emulating' the real /bin, /dev, /usr and /etc
directories, as is done with most ftp-sites nowadays.
I want to give these users access to certain commands but not to all,
so I copy some commands from the real /bin to our 'fake' /bin, namely
/usr/customers/bin. Because we will probably have / and /usr on
separate filesystems I can't use hard links, and neither will symbolic links
work from 'inside' /usr/customers to 'outside' of it. For the rest of the
commands, programs and files in /usr/ucb, /usr/bin, /usr/games,
/usr/local/bin and /usr/lib I can make hard links with ln.
(Hmm, just realized that I could move some of the commands in /bin to
/usr/customers/bin and then make symbolic links to them from the real /bin.
From 'outside' to 'inside' they will work, of course.)

There should be at least passwd and group files in the etc directory,
and various programs need various other files there; with them I can
do the same trick, or use different files. For example, if using a separate
utmp file there, we could create the illusion that these special users
are alone on the machine.

About devices in /dev, man chroot gives the following warning:

  BUGS
       One should exercise extreme caution when referencing device
       files in the new root file system.

and then tells nothing about why this extreme caution is needed.

With these I could probably again move the tty devices and others
to /usr/customers/dev and then make symbolic links to them from /dev,
or create devices with the same names in /usr/customers/dev
with the /etc/mknod command. It's probably this latter case where we
will run into more problems, if we have processes started by special
and normal users trying to access the same devices via /dev and
/usr/customers/dev, with differing protections and different owners
on these device files.

With mail there are probably some problems when considering mail
between special and other users (separate spool directories), but I
think they will also be solvable with symbolic links or weird alias tricks.

Everything said above was probably self-evident to you, but now the
main questions:

1) Has anybody built this kind of system before, for _interactive_ users?
(I don't mean the ftp-servers).

2) Have I forgotten anything essential, something which will run us
into deep problems later? (If we want to use some software X or thing Y
in the future.)

3) If this chrooting is not so wonderful an idea after all, does a
SysV-esque rsh for BSD 4.3 exist anywhere? (I mean the Restricted Shell,
not Remote Shell). If you answer only this last question, then
please do it by mail, and I will then summarize.

I will be grateful for any comments and suggestions.

--
Antti Karttunen / karttu@mits.mdata.fi / アンッティ　カルットゥネン
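Two of the pitfalls the post raises can be checked mechanically before any user is chrooted: symbolic links that point 'outside' the jail (an absolute target is re-rooted at the jail root by the kernel, and '..' cannot climb above it, so such a link is simply dangling from inside), and the device files the manual page warns about (a node for a disk or memory device copied into the jail gives a jailed process the same access to the rest of the system it would have had outside, which is what the "extreme caution" is about). The following audit script is an added example, not part of the original post or of 4.3BSD; it builds a small constructed /usr/customers-style skeleton in a temporary directory (the path and file names are assumptions for the demo) and reports dangling links, device nodes and set-uid files found in it.

```python
"""Audit a chroot skeleton for links that dangle from inside the jail,
device nodes and set-uid files.  Added example; demo data is constructed."""
import os
import stat
import tempfile


def jail_view(jail, link):
    """Path the symlink at `link` resolves to for a process chrooted into `jail`.
    An absolute target is taken relative to the jail root, and '..' is clamped
    at the jail root, so a link that points 'outside' on the real system lands
    somewhere inside the jail (and usually nowhere at all)."""
    target = os.readlink(link)
    if os.path.isabs(target):
        stack = []
    else:
        rel_dir = os.path.relpath(os.path.dirname(link), jail)
        stack = [c for c in rel_dir.split(os.sep) if c not in ("", ".")]
    for comp in target.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if stack:          # at the jail root '..' stays at the root
                stack.pop()
        else:
            stack.append(comp)
    return os.path.join(jail, *stack)


def audit_jail(jail):
    """Walk the jail tree; return sorted jail-relative paths of symlinks that
    dangle when viewed from inside, of block/char device nodes, and of
    regular files carrying the set-uid or set-gid bit."""
    report = {"dangling": [], "devices": [], "setuid": []}
    for dirpath, dirnames, filenames in os.walk(jail):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, jail)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                if not os.path.lexists(jail_view(jail, path)):
                    report["dangling"].append(rel)
            elif stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                report["devices"].append(rel)
            elif stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                report["setuid"].append(rel)
    for key in report:
        report[key].sort()
    return report


def build_demo_jail():
    """Constructed sample: a tiny /usr/customers-style skeleton in a temp dir.
    Returns the jail root.  (No device nodes: creating them needs root.)"""
    jail = tempfile.mkdtemp(prefix="customers-")
    for d in ("bin", "dev", "etc", "lib", "usr/bin"):
        os.makedirs(os.path.join(jail, d))
    # a command copied into the fake /bin, as the post proposes
    with open(os.path.join(jail, "bin", "sh"), "w") as f:
        f.write("#!/bin/sh\n")
    # relative link that stays inside the jail: resolves to <jail>/bin/sh
    os.symlink("../../bin/sh", os.path.join(jail, "usr/bin/sh"))
    # absolute link to the real /usr/ucb/vi: inside the jail it means
    # <jail>/usr/ucb/vi, which does not exist
    os.symlink("/usr/ucb/vi", os.path.join(jail, "usr/bin/vi"))
    # relative link that tries to climb out with '..': clamped at the root
    os.symlink("../../../usr/lib/libc.a", os.path.join(jail, "lib", "libc.a"))
    # a set-uid program copied in by mistake (hypothetical; mode only)
    su = os.path.join(jail, "bin", "su")
    with open(su, "w") as f:
        f.write("#!/bin/sh\n")
    os.chmod(su, 0o4755)
    return jail


if __name__ == "__main__":
    demo = build_demo_jail()
    for kind, paths in audit_jail(demo).items():
        print(f"{kind}: {paths}")
```

Run it against a real jail root (`audit_jail("/usr/customers")`) after populating the tree; anything listed under `devices` deserves the manual page's caution, and anything under `dangling` is a link the post's "outside to inside" rule says must be turned around or replaced by a copy.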