Received: by minnie.vk1xwt.ampr.org with NNTP id AA5561 ; Fri, 01 Jan 93 01:49:08 EST
Xref: sserve comp.unix.bsd:9370 comp.unix.questions:29723
Path: sserve!manuel.anu.edu.au!munnari.oz.au!spool.mu.edu!think.com!enterpoop.mit.edu!eru.mt.luth.se!lunic!sunic!news.funet.fi!fuug!prime!mits!karttu
From: karttu@mits.mdata.fi (Antti Karttunen)
Newsgroups: comp.unix.bsd,comp.unix.questions
Subject: WEIRD IDEA? (chroot)
Message-ID: <1992Dec26.191816.26596@prime.mdata.fi>
Date: 26 Dec 92 19:18:16 GMT
Sender: usenet@prime.mdata.fi (Usenet poster)
Organization: MITS, Helsinki, Finland
Lines: 70
Nntp-Posting-Host: mits.mdata.fi

We are thinking about building a kind of unix BBS-system, and for one
reason (don't ask me why) I would want to keep a certain class of users
segregated from the rest, and their id's in a separate passwd-file.
We probably will be using BSD 4.3, and I have thought about using the
chroot function for these special users, in the patched login I'm about
to hack.

Now, let's assume that the root-directory for these special users is
called /usr/customers. There I'll create subdirectories bin, dev, usr,
etc, 'emulating' the real /bin, /dev, /usr and /etc directories, as is
done with most ftp-sites nowadays.

I want to give these users access to certain commands but not to all,
so I copy some commands from the real /bin to our 'fake' /bin, namely
/usr/customers/bin. Because we probably will have / and /usr in
separate filesystems I can't use hard links, and neither will symbolic
links work from 'inside' /usr/customers to 'outside' of it.
To the rest of the commands, programs and files in /usr/ucb, /usr/bin,
/usr/games, /usr/local/bin and /usr/lib I can make hard links with ln.
(Hmm, just realized that I could move some of the commands in /bin to
/usr/customers/bin and then make symbolic links to them from the real
/bin. From 'outside' to 'inside' they will work, of course.)
There should be at least passwd and group files in the etc directory,
and various programs need various other files there, and with them
I can do the same trick, or use different files. For example, if using
a separate utmp file there, we could create the illusion that these
special users are alone in the machine.

About devices in /dev, man chroot gives the following warning:

BUGS
     One should exercise extreme caution when referencing device files
     in the new root file system.

and then tells nothing about why this extreme caution is needed.
With these I could probably again move the tty-devices and others
to /usr/customers/dev and then make symbolic links to them from /dev,
or create devices with the same names in /usr/customers/dev with the
/etc/mknod command. Probably it's this latter case where we will run
into more problems, if we have processes started by special and normal
users trying to access the same devices via /dev and
/usr/customers/dev, with differing protections and different owners
in these device-files.

With mail there are probably some problems when considering the mail
between special and other users (separate spool-directories), but I
think they will also be solvable with symbolic links or weird
alias-tricks.

Everything said above was probably self-evident for you, but now the
main questions:

1) Has anybody built this kind of system before, for _interactive_
   users? (I don't mean the ftp-servers).

2) Have I forgotten anything essential, something which will run us
   into deep problems later? (If we want to use some software X or
   thing Y in the future.)

3) If this chrooting is not such a wonderful idea after all, does there
   exist a SysV-esque rsh for BSD4.3 anywhere? (I mean the Restricted
   Shell, not Remote Shell). If you answer only this last question,
   then please do it by mail, and I will then summarize.

I will be grateful for any comments and suggestions.

--
Antti Karttunen / karttu@mits.mdata.fi / アンッティ　カルットゥネン
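
An added example (not part of the original post): a Python audit of a chroot tree such as the /usr/customers layout described above. It flags symlinks that will not resolve once the tree becomes the root, and device nodes whose owner or mode differs from the same-named node in the real /dev. The function names, finding labels and sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_chroot(root, real_dev="/dev"):
    """Return sorted (kind, path_inside_chroot, detail) findings for a chroot tree."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            inside = "/" + os.path.relpath(full, root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                target = os.readlink(full)
                if os.path.isabs(target):
                    # After chroot(), an absolute target is looked up under the new root.
                    seen = os.path.join(root, target.lstrip("/"))
                else:
                    # Lexical check only; symlinked parent directories are not followed.
                    seen = os.path.normpath(os.path.join(dirpath, target))
                    if os.path.commonpath([root, seen]) != root:
                        findings.append(("escapes-root", inside, target))
                        continue
                if not os.path.lexists(seen):
                    findings.append(("dangling-in-chroot", inside, target))
            elif stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
                # Assumption: nodes are matched to the real /dev by file name.
                # Same device, different owner or mode = two sets of protections.
                try:
                    real = os.lstat(os.path.join(real_dev, name))
                except OSError:
                    continue
                mine = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
                theirs = (stat.S_IMODE(real.st_mode), real.st_uid, real.st_gid)
                if real.st_rdev == st.st_rdev and mine != theirs:
                    findings.append(("device-perms-differ", inside, "%o %d:%d" % mine))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree (not taken from the post's system)."""
    for d in ("bin", "etc"):
        os.mkdir(os.path.join(root, d))
    open(os.path.join(root, "bin", "ls"), "w").close()
    os.symlink("/bin/ls", os.path.join(root, "bin", "dir"))            # resolves inside
    os.symlink("/usr/ucb/vi", os.path.join(root, "bin", "vi"))         # not in the tree
    os.symlink("../../etc/group", os.path.join(root, "etc", "group"))  # climbs out

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_chroot(tmp):
            print(*finding)
```

Run against the real tree as root before enabling the patched login; an empty result means no link or device mismatch of these kinds was found, not that the tree is otherwise safe.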