Results 1 to 2 of 2
Thread: How do you make a rbash?
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Apr 2003
How do you make a rbash?
- Join Date
- Jan 2003
- Lebanon, pa
I wouldn't use rbash for that. Rbash is basicly puts you in an unusable enviroment. I had just setup a shell server for a company last week which required a rescricted shell. What I did was write an ebuild for gentoo which uses openssh 3.5 and it applies a patch which calls chroot from within sshd when their home dir is set to something like /home/chroot/./home/test. The /./ tells sshd to chroot(home/chroot/) for that user. So now their root directory is actually /home/chroot and their home directory is /home/chroot/home/test. What I did under /home/chroot was create a fake enviroment for the users. I added only what they needed to use in /bin and /usr/bin. I used ldd to get the required libs to copy over to /lib. Users in the chroot can not change their password because they do not have access to the real passwd file so what I did was insteal nis on the server. I have the servers acting as the nis master server and as a client from within the chroot. I setup nsswitch.conf inside the chroot to use the nis server so it has access to the real passwd file to change passwords and to map usernames to uids. When users log into the server, most don't even realize they are in a chroot jail which is good. I use the grsecurity patch on the kernel which makes it close to impossible to break out of the chroot. That might be a little overkill but it works very well for a restricted shell. If you have anymore questions or what to see some of the scripts I wrote for this let me know.
Hmm, maybe I should write a howto for this. I see these questions asked a lot but a lot of users seem to have a hard time setting up a chroot jail for users.