Hello, I wrote a script so that when a user logs in to X11 he gets chrooted.
I wonder if there are people interested in that script. In the example I run IceWM as the window manager. Just replace IceWM with your environment.
And if there are people who can tweak it..
Anywho here it is:
Code:
#!/bin/bash

clear
echo "##########################"
echo "##       WARNING!       ##"
echo "##                      ##"
echo "##DO NOT RUN THIS SCRIPT##"
echo "##   IF YOU ARNT ROOT   ##"
echo "## OR if you DONT want  ##"
echo "##     A new user..     ##"
echo "##                      ##"
echo "##ABORT NOW IF YOU DONT ##"
echo "##WANT TO ADD A NEW USER##"
echo "## OR ARE NOT THE ROOT  ##"
echo "##                      ##"
echo "## IF THE USER ALREADY  ##"
echo "##   EXIST YOU MIGHT    ##"
echo "##  SCREW UP BIG-TIME   ##"
echo "##                      ##"
echo "##########################"
echo 
echo
echo 
##Start with Script
echo "Name of the user:"
read NEWUSER

##Make User##
adduser "$NEWUSER" || exit 1 #Stop unless adduser answers 0 (Success)
passwd $NEWUSER

##Make ChrootJail##
echo "# .bashrc" > /home/$NEWUSER/.bashrc
echo "" >> /home/$NEWUSER/.bashrc #Whiteline 
echo "# Source global definitions" >> /home/$NEWUSER/.bashrc
echo "if [ -f /etc/bashrc ]; then" >> /home/$NEWUSER/.bashrc
echo "          . /etc/bashrc" >> /home/$NEWUSER/.bashrc
echo "fi" >> /home/$NEWUSER/.bashrc
echo "" >> /home/$NEWUSER/.bashrc #Empty line
echo "#ChrootJail" >> /home/$NEWUSER/.bashrc

##START HERE IT SHOULDNT BE PUT IN BASHRC BUT IN START OF ICEWM
echo "##mkdir" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/lib" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/dev" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/bin" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/etc" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/usr" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/tmp" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/var" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/sys" >> /home/$NEWUSER/.bashrc
echo "mkdir /home/$NEWUSER/sbin" >> /home/$NEWUSER/.bashrc

#Mount the System for the user. This shouldnt be only read Only.
#We really have to Figure out what can be read only and what has to be read-only
#Then also the dirs that we dont need completely but just a small part Copy
#All the files that are needed. I think I need to do it that way since well 
#They they dont have the Shadow File.. And it is more secure.
#If there is one folder mounted with Read/Write people can just
#Send files to each other in that way.. That shouldnt be allowed..
#So, Read-Only as much as possible.
#    Copy Files when a Folder needs less then 50 files to be ReadWrite that arnt System files.
#    Read-Write were needed. To make it just work.
echo "sudo /bin/mount -r -o bind /lib /home/$NEWUSER/lib" >> /home/$NEWUSER/.bashrc
echo "sudo /bin/mount -r -o bind /dev /home/$NEWUSER/dev" >> /home/$NEWUSER/.bashrc
echo "sudo /bin/mount -r -o bind /bin /home/$NEWUSER/bin" >> /home/$NEWUSER/.bashrc
echo "sudo /bin/mount -r -o bind /usr /home/$NEWUSER/usr" >> /home/$NEWUSER/.bashrc
echo "sudo /bin/mount -r -o bind /var /home/$NEWUSER/var" >> /home/$NEWUSER/.bashrc
echo "sudo /bin/mount -r -o bind /sys /home/$NEWUSER/sys" >> /home/$NEWUSER/.bashrc
echo "sudo /bin/mount -r -o bind /sbin /home/$NEWUSER/sbin" >> /home/$NEWUSER/.bashrc
echo "sudo /bin/mount -o bind /tmp /home/$NEWUSER/tmp" >> /home/$NEWUSER/.bashrc
#Make a Custom etc folder for each user
#Since of the passwd and shadow file..
echo "sudo /bin/mount -r -o bind /etc /home/$NEWUSER/etc" >> /home/$NEWUSER/.bashrc
echo "" >> /home/$NEWUSER/.bashrc #Empty
echo "sudo /usr/sbin/chroot /home/$NEWUSER" >> /home/$NEWUSER/.bashrc
#STOP HERE IT SHOULDNT BE PUT IN BASHRC BUT IN START OF ICEWM

#Draw Warning for a User who is able to get into Console.
#Hope that will Scare them off...
echo "" >> /home/$NEWUSER/.bashrc
echo "" >> /home/$NEWUSER/.bashrc
echo "" >> /home/$NEWUSER/.bashrc
#Each line written here must itself be an echo command, otherwise .bashrc tries to run the text
echo "echo \"     Warning!\"" >> /home/$NEWUSER/.bashrc
echo "echo \"    _,,   ,,_\"" >> /home/$NEWUSER/.bashrc
echo "echo \"  ~(  \\\"o o\\\"  )~\"" >> /home/$NEWUSER/.bashrc
echo "echo \"   ,,,,   ,,,,\"" >> /home/$NEWUSER/.bashrc
echo "echo \"Warn the system admin..!\"" >> /home/$NEWUSER/.bashrc
echo "" >> /home/$NEWUSER/.bashrc
echo "" >> /home/$NEWUSER/.bashrc
chown $NEWUSER /home/$NEWUSER/.bashrc

##Write User in sudoers Files##

##TO BE DONE!!


##Make LoginFiles##
#Set change password at next login
#Number is set to 1 so there can be logged in once.
chage -d 1 $NEWUSER

#Copy iceWM menu file (the .icewm directory does not exist for a new user yet)
mkdir -p /home/$NEWUSER/.icewm
cp /usr/share/icewm/menu /home/$NEWUSER/.icewm/menu
echo "Edit this users Menu, Press the \"enter\" key to Continue"
read
vi /home/$NEWUSER/.icewm/menu
chown $NEWUSER /home/$NEWUSER/.icewm/menu

#Write CleanUp in /home/$NEWUSER/.bash_logout
echo "# ~/.bash_logout" > /home/$NEWUSER/.bash_logout
echo ""   >> /home/$NEWUSER/.bash_logout #Blank Line
echo "clear"   >> /home/$NEWUSER/.bash_logout
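#Unmount each bind mount; they sit on the sub-directories, not on /home/$NEWUSER itself
for DIR in lib dev bin etc usr tmp var sys sbin; do
    echo "sudo /bin/umount /home/$NEWUSER/$DIR" >> /home/$NEWUSER/.bash_logout
done

#DIRS YOU WANT TO KILL, This is Cleaning up to avoid Error Msgs.
#Also to save Memory
#rmdir only removes an empty directory, so a bind mount that failed to
#unmount (the read-write /tmp one above all) is never deleted through.
echo "rmdir /home/$NEWUSER/lib"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/dev"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/bin"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/etc"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/usr"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/tmp"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/var"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/sys"  >> /home/$NEWUSER/.bash_logout
echo "rmdir /home/$NEWUSER/sbin"  >> /home/$NEWUSER/.bash_logout
chown $NEWUSER /home/$NEWUSER/.bash_logout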

#Write /home/$NEWUSER/.dmrc, so that Login with IceWM just works
echo "[Desktop]" > /home/$NEWUSER/.dmrc
echo "Session=icewm" >> /home/$NEWUSER/.dmrc
chown $NEWUSER /home/$NEWUSER/.dmrc

#Done, Draw end of Script.
echo "" #Bare Line
echo "New User is Made.."
echo "Be sure that it works before the user gets access"
echo "WARNING, LOGIN ONCE.. The Second Time the Password"
echo "Has to be Changed. Its the best if the user changes"
echo "it. Since they have a feeling of Safety then..."
echo "" #Bare Line
Script Update: Version 0.1
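
Added example, not part of the original post or the poster's script: a check for the "read-only as much as possible" rule in the script's comments, listing every mount below a jail whose read-only flag did not take effect. The jail path /home/alice, the function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): list writable mounts below a chroot jail.
# Input is mountinfo-format text on stdin, e.g. < /proc/self/mountinfo.
# Field 5 is the mount point, field 6 the per-mount options (ro/rw, nosuid, ...).

# audit_jail_mounts JAIL [ALLOW]
#   JAIL   jail root, e.g. /home/alice (hypothetical)
#   ALLOW  comma-separated sub-directories that may stay read-write (default: tmp)
# Prints "RW <mountpoint>" for every other mount below JAIL that is not read-only.
audit_jail_mounts() {
    awk -v jail="${1%/}" -v allow="${2-tmp}" '
        BEGIN {
            n = split(allow, a, ",")
            for (i = 1; i <= n; i++) ok[jail "/" a[i]] = 1
        }
        {
            mp = $5
            opts = "," $6 ","
            if (index(mp, jail "/") != 1) next   # not below the jail
            if (opts ~ /,ro,/) next              # read-only flag took effect
            if (mp in ok) next                   # deliberately read-write
            print "RW " mp
        }'
}

# Constructed sample: bin and etc were bind-mounted but stayed read-write.
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 22 8:1 /lib /home/alice/lib ro,relatime - ext4 /dev/sda1 rw
41 22 8:1 /bin /home/alice/bin rw,relatime - ext4 /dev/sda1 rw
42 22 0:30 / /home/alice/tmp rw,nosuid,nodev - tmpfs tmpfs rw
43 22 8:1 /etc /home/alice/etc rw,relatime - ext4 /dev/sda1 rw
44 22 8:1 /lib /home/bob/lib rw,relatime - ext4 /dev/sda1 rw
EOF
}

sample_mountinfo | audit_jail_mounts /home/alice
```

On a live system, run it as `audit_jail_mounts /home/USER < /proc/self/mountinfo` after the user has logged in; any output line is a directory users can write into despite the `-r` option.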