- Xref: sparky comp.unix.bsd:10641 comp.unix.questions:14977
- Path: sparky!uunet!cs.utexas.edu!qt.cs.utexas.edu!yale.edu!think.com!enterpoop.mit.edu!eru.mt.luth.se!lunic!sunic!news.funet.fi!fuug!prime!mits!karttu
- From: karttu@mits.mdata.fi (Antti Karttunen)
- Newsgroups: comp.unix.bsd,comp.unix.questions
- Subject: WEIRD IDEA? (chroot)
- Message-ID: <1992Dec26.191816.26596@prime.mdata.fi>
- Date: 26 Dec 92 19:18:16 GMT
- Sender: usenet@prime.mdata.fi (Usenet poster)
- Organization: MITS, Helsinki, Finland
- Lines: 70
- Nntp-Posting-Host: mits.mdata.fi
-
- We are thinking about building a kind of unix BBS-system,
- and for one reason (don't ask me why) I would want to keep a certain class
- of users segregated from the rest, and their id's in a separate
- passwd-file.
-
- We probably will be using BSD 4.3, and I have thought about using the
- chroot function for these special users, in the patched login I'm
- about to hack.
-
- Now, let's assume that the root-directory for these special users
- is called /usr/customers. There I'll create subdirectories
- bin, dev, usr, etc, 'emulating' the real /bin, /dev, /usr and /etc
- directories, as is done with most ftp-sites nowadays.
- I want to give these users access to certain commands but not to all,
- so I copy some commands from the real /bin to our 'fake' /bin, namely
- /usr/customers/bin. Because we probably will have / and /usr on
- separate filesystems I can't use hard links, and symbolic links won't
- work either from 'inside' /usr/customers to 'outside' of it. To the rest of
- the commands, programs and files in /usr/ucb, /usr/bin, /usr/games,
- /usr/local/bin and /usr/lib I can make hard links with ln.
- (Hmm, just realized that I could move some of the commands in /bin to
- /usr/customers/bin and then make symbolic links to them from the real /bin.
- From 'outside' to 'inside' they will work, of course.)
-
- There should be at least passwd and group files in the etc directory,
- and various programs need various other files there, and with them I can
- do the same trick, or use different files. For example, by using a separate
- utmp file there, we could create the illusion that these special users
- are alone on the machine.
-
- About devices in /dev, man chroot gives the following warning:
-
- BUGS
- One should exercise extreme caution when referencing device
- files in the new root file system.
-
- and then tells nothing about why this extreme caution is needed.
-
- With these I could probably again move the tty-devices and others
- to /usr/customers/dev and then make symbolic links to them from /dev,
- or create devices with the same names in /usr/customers/dev
- with the /etc/mknod command. Probably it's this latter case where we
- will run into more problems, if we have processes started by special
- and normal users trying to access the same devices via /dev and
- /usr/customers/dev, with differing protections and different owners
- in these device-files.
-
- With mail there are probably some problems when considering the mail
- between special and other users (separate spool-directories), but I
- think they will also be solvable with symbolic links or weird alias-tricks.
-
- Everything said above was probably self-evident for you, but now the
- main questions:
-
- 1) Has anybody built this kind of system before, for _interactive_ users?
- (I don't mean the ftp-servers).
-
- 2) Have I forgotten anything essential, something which will run us
- into deep problems later? (If we want to use some software X or thing Y
- in the future.)
-
- 3) If this chrooting is not such a wonderful idea after all, does there
- exist a SysV-esque rsh for BSD4.3 anywhere? (I mean the Restricted Shell,
- not Remote Shell). If you answer only this last question, then
- please do it by mail, and I will then summarize.
-
- I will be grateful for any comments and suggestions.
-
- --
- Antti Karttunen / karttu@mits.mdata.fi / アンッティ　カルットゥネン
-