  1. #1

    How do you make a rbash?

    How do you make a restricted bash environment for a few users?


  2. #2
    Linux Engineer
    Join Date
    Jan 2003
    Lebanon, pa
    I wouldn't use rbash for that. Rbash basically puts you in an unusable environment. I had just set up a shell server for a company last week which required a restricted shell. What I did was write an ebuild for Gentoo which uses OpenSSH 3.5 and applies a patch which calls chroot from within sshd when their home dir is set to something like /home/chroot/./home/test. The /./ tells sshd to chroot(/home/chroot/) for that user. So now their root directory is actually /home/chroot and their home directory is /home/chroot/home/test.

    What I did under /home/chroot was create a fake environment for the users. I added only what they needed to use in /bin and /usr/bin. I used ldd to get the required libs to copy over to /lib. Users in the chroot cannot change their password because they do not have access to the real passwd file, so what I did was install NIS on the server. I have the server acting as the NIS master server and as a client from within the chroot. I set up nsswitch.conf inside the chroot to use the NIS server so it has access to the real passwd file to change passwords and to map usernames to UIDs.

    When users log into the server, most don't even realize they are in a chroot jail, which is good. I use the grsecurity patch on the kernel, which makes it close to impossible to break out of the chroot. That might be a little overkill but it works very well for a restricted shell. If you have any more questions or want to see some of the scripts I wrote for this, let me know.

    Hmm, maybe I should write a howto for this. I see these questions asked a lot but a lot of users seem to have a hard time setting up a chroot jail for users.
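
The jail layout described in the reply above, as an added shell example that is not part of the original post or the poster's scripts: it splits a `/./` home field into jail root and in-jail home, and parses `ldd` output to decide which libraries to copy. The function names, the choice to keep each library's absolute path inside the jail, and the sample `ldd` output are assumptions for illustration.

```shell
#!/bin/sh
# Added example: helpers for the jail layout described in the post.

# Split a home field "<jail>/./<home>" at the /./ marker.
# Prints "<jail> <home inside jail>"; returns 1 when there is no marker.
split_chroot_home() {
    case "$1" in
        */./*) printf '%s /%s\n' "${1%%/./*}" "${1#*/./}" ;;
        *)     return 1 ;;
    esac
}

# Read ldd output on stdin, print the absolute path of every resolved library
# (including the dynamic loader line, which has no "=>").
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# Read ldd output on stdin, print names of libraries ldd could not resolve.
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" { print $1 }'
}

# Copy each binary and its libraries into the jail, keeping absolute paths.
# Only run ldd on binaries you trust: some versions may execute the file.
populate_jail() {
    jail=$1; shift
    for bin in "$@"; do
        { printf '%s\n' "$bin"; ldd "$bin" | ldd_paths; } |
        while IFS= read -r f; do
            mkdir -p "$jail$(dirname "$f")" && cp -L "$f" "$jail$f"
        done
    done
}

# Constructed ldd output (not from a real host) to show what the parsers keep.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc0000)
    libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f010000)
    libgone.so.1 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f030000)'

split_chroot_home /home/chroot/./home/test
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
printf '%s\n' "$SAMPLE_LDD" | ldd_missing
```

A call such as `populate_jail /home/chroot /bin/bash /bin/ls` would then fill the jail; any name printed by `ldd_missing` for a binary means that program will fail to start inside it.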
