Sjoerd's user-chroot-HOWTO 29-10-2001
Introduction
This HOWTO briefly explains how to chroot a user during login. This means that after the user has logged in, he is restricted to a certain directory, which becomes his new root directory. See the chroot manual for more details about chroot.
Configuration
You have to configure two options:
- /etc/passwd
- setting up a chroot directory
Configuring /etc/passwd
ftp:x:604:604:FTP,,,:/pub/ftp/:*
The important thing is the star at the end. This indicates that after login, a chroot is done to the user's directory (here /pub/ftp) and another login session is started.
Note: Two login sessions are started, and the user has to give his password twice if you don't do anything about it.
Setting up the chroot directory
Links are green, dirs are blue.
- bin/bash
- bin/login
- dev/
- etc/group
- etc/pam.conf
- etc/pam.d/
- etc/passwd
- etc/shadow
- lib/ld-2.2.4.so
- lib/ld-linux.so.2
- lib/libc-2.2.4.so
- lib/libc.so.6
- lib/libcrypt-2.2.4.so
- lib/libcrypt.so.1
- lib/libdl-2.2.4.so
- lib/libdl.so.2
- lib/libhistory.so.4.2
- lib/libhistory.so.4
- lib/libncurses.so.5.2
- lib/libncurses.so.5
- lib/libpam.so.0.72
- lib/libpam.so.0
- lib/libpam_misc.so.0.72
- lib/libpam_misc.so.0
- lib/libreadline.so.4.2
- lib/libreadline.so.4
You need a login and a shell: /bin/bash and /bin/login. These programs need libraries. You can find out which libraries by executing ldd. Login also needs the PAM configuration files and some files in the dev directory. My dev dir contains zero, null and the result of /dev/MAKEDEV console (login reported that it couldn't find my tty).
The links in the lib dir are the same as where I copied them from.
One can test his rootdir by executing:
- chroot . /bin/bash
- chroot . /bin/login
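The ldd-and-copy step described above can be scripted. The following is an added example, not part of the original HOWTO: the function names are hypothetical and GNU-style ldd output is assumed. It keeps symlinks as symlinks, matching the lib directory listed above.

```shell
#!/bin/sh
# Added example: fill a chroot directory with binaries and the libraries
# that ldd reports for them. Function names are hypothetical.

# Read ldd output on stdin and print the absolute library paths it names.
# Entries with no file behind them (vdso, "not found", "statically linked")
# are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | sort -u
}

# copy_into_jail JAIL PATH
# Copy PATH to the same location below JAIL. A symlink is recreated as a
# symlink and then followed, link by link, until the real file is reached,
# so the jail gets the same links as the directory it was copied from.
copy_into_jail() {
    j=$1 p=$2
    while [ -L "$p" ]; do
        mkdir -p "$j$(dirname "$p")"
        cp -fP "$p" "$j$p"              # -P: copy the link itself
        next=$(readlink "$p")
        case $next in
            /*) p=$next ;;                  # absolute link target
            *)  p=$(dirname "$p")/$next ;;  # target relative to the link
        esac
    done
    mkdir -p "$j$(dirname "$p")"
    cp -fp "$p" "$j$p"                  # the real file, mode preserved
}

# populate_jail JAIL BINARY...
# Copy each binary and every library ldd lists for it into JAIL.
populate_jail() {
    jail=$1; shift
    for bin in "$@"; do
        copy_into_jail "$jail" "$bin"
        ldd "$bin" | ldd_paths | while read -r lib; do
            copy_into_jail "$jail" "$lib"
        done
    done
}

# Usage (as root): populate_jail /pub/ftp /bin/bash /bin/login
```

ldd only reports libraries linked at build time, so the PAM configuration files, the etc files and the dev entries listed above still have to be put in place by hand.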