I received a few replies. My thanks to Jonathan Andrews [jon.andrews@tradingscreen.com], who recommended using truss and snoop to check the processes and traffic to get a better idea of what is going on there; Derrick Daugherty [derrick@tachyon.pointone.com], who suggested I investigate the environment variable TMOUT, and try setting it to a value greater than 300 (seconds) and see if this makes a difference; and Joel.Lee@uboc.com, who pointed me towards http://www.bpfh.net/simes/computing/chroot-break.html , which discusses the security involved with chroot, and how a user can break out of a chrooted environment.

Unfortunately, these good suggestions did not help me to find the problem. More web searching uncovered http://www.gsyc.inf.uc3m.es/~assman/jail/ , which includes some code and instructions that appear to do exactly what I want. I'll post a followup summary once I get a chance to try it out...

Thanks,
Gary Litwin
Sr. Configuration Management Systems Engineer
Metapath Software International
Bellevue, WA.
425-519-2067

-----Original Message-----
From: Gary Litwin [mailto:Gary.Litwin@marconi.com]
Sent: Monday, August 13, 2001 2:23 PM
To: 'sunmanagers@sunmanagers.org'
Subject: Has anyone set up a chroot restricted environment?

Hello, All -

I am trying to set up a chrooted filesystem environment where users log in via telnet, and are restricted to their own directory structure. I am not trying to set up an anonymous ftp structure, so the information and script associated with in.ftpd that explains how to set up anonymous ftp has not provided the complete information needed to complete the configuration. I didn't find anything directly applicable in the Sun-Managers archives.

I have set up the basic structure, including a minimal password, group, and shadow file, pam.conf, /dev and the stuff in /usr/lib suggested by the in.ftpd man page. I set the login shell entry in the password file to *, as this sets the root directory to the directory listed in the password file, per the man page for login. I am able to telnet over and log in as the particular user, and only see the restricted filesystem, but the user gets logged out after 5 minutes, with the message "connection closed by foreign host". I think I'm most of the way there, but still must have a piece missing. Has anyone got this working?

Gary Litwin
Sr. Configuration Management Systems Engineer
Metapath Software International
Bellevue, WA.
425-519-2067

_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Fri Aug 17 15:02:03 2001
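Added example, not from the thread or from the jail project it links: a POSIX shell audit that checks a jail tree for the pieces the original message lists (passwd, group, shadow, pam.conf, /dev, /usr/lib), resolves the shared libraries a login shell needs from ldd-style output, and flags setuid files inside the jail, since chroot gives no containment against root. The jail path is a hypothetical argument and the ldd output below is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the thread: audit a chroot jail tree for the
# pieces the original message says it needs, and for setuid binaries.
# The jail root is a hypothetical path taken from $1 when run directly.

# Entries the message lists, relative to the jail root.
REQUIRED="etc/passwd etc/group etc/shadow etc/pam.conf dev usr/lib"

# Print each required entry that is absent under the jail root $1.
jail_missing() {
    for f in $REQUIRED; do
        [ -e "$1/$f" ] || echo "$f"
    done
}

# Read ldd-style output ("lib => /path") on stdin and print the paths.
# Solaris and Linux ldd both use this "=>" form for resolved libraries.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }'
}

# Read library paths on stdin; print those not present under jail root $1.
libs_missing() {
    while read -r lib; do
        [ -e "$1$lib" ] || echo "$lib"
    done
}

# Regular files with the setuid bit inside the jail: chroot does not
# confine root, so a setuid-root program in the jail defeats the jail.
jail_setuid() {
    find "$1" -type f -perm -4000
}

# Constructed sample of Solaris-style ldd output for exercising the parser.
SAMPLE_LDD='    libc.so.1 =>     /usr/lib/libc.so.1
    libdl.so.1 =>    /usr/lib/libdl.so.1
    /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1'

# Run the audit when given a jail root and, optionally, a login shell.
if [ $# -ge 1 ]; then
    jail="$1"; shell="${2:-/bin/sh}"
    echo "missing entries:"; jail_missing "$jail"
    echo "missing libraries for $shell:"
    ldd "$shell" | ldd_paths | libs_missing "$jail"
    echo "setuid files:"; jail_setuid "$jail"
fi
```

Run it as `sh jailcheck.sh /path/to/jail /bin/sh` against the real jail; every line it prints is either a file to copy in or a setuid binary to remove.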