On Tue, 2003-08-19 at 21:50, Vincent Danen wrote: > On Tue Aug 19, 2003 at 07:31:02PM -0700, Jack Coates wrote: > > > > > > I have a user login name that is used to run a game server process > > > > > (Neverwinter Nights, if it matters :). > > > > > > > > > > I don't know if it's possible for a remote user to crash the game process > > > > > in a way which would leave them sitting in a shell, but since I don't know > > > > > that the chances are 0%, I'm thinking that having the login name chroot > > > > > jailed to its home directory would limit the damage that someone could do > > > > > if they *did* somehow manage to end up in a shell via a server process > > > > > crash. > > > > > > > > > > Is there a way to to this? > > > > > > > > Look at the user's line in /etc/password. At the end is the shell > > > > they'll be given. chroot them there. > > > > > > Er, all that does is just show me which shell they're logging in to use. > > > I'm at a loss as to how that will restrict them to their own home directory > > > as being / to them when logged in - thus keeping them away from the rest of > > > the system. Could you please provide some specifics? > > > > > > --Dave > > > > how about changing /bin/bash to chroot /new/root /bin/bash? > > > > Be aware that bash expects a whole lotta stuff to be around, which > > you'll need to recreate under the new root. > > I don't think that will work as you'll need to be root to chroot IIRC. What > you could do is write a script that does the chroot and call it via sudo, > then do something like "/usr/bin/sudo /somescript/chrootuser" which does the > chroot call as root.
good point -- last time I did this it was in inetd.conf and I was using DJB's setuidgid as part of the trick. > > You're right about the environment tho. You'll need to have a /bin/bash in > the chroot and then recreate the libs it wants or recompile it static. > > You could also use /bin/rbash which is somewhat better than just bash, but > not as nice as chroot (but a lot easier to setup). -- Jack Coates Monkeynoodle: A Scientific Venture...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
