Re: chrooted accounts

On Wed, 10 Sep 1997, Bruno Lopes F. Cabral wrote:

> > The format for a chrooted account in /etc/passwd is for the
> > user's home dir to be as follows:
> > 
> > :/chroot/dir/./start:
>
> where did you find this? the only place I know that talks about
> this format is on doing guestgroups with wu-ftpd, is this the
> case?

wu-ftpd observes it with guests, not with normal users... at least, not
without patching *grin*.

I've used that in my chroot'd login and attempts at allowing minor PAM
access in the chrooted environment (i.e., letting them change password).

> > Is this a pam problem, a pwdb problem, a libc problem or my problem?

None really.  Thing is, there is *no* standard for specifying a chroot'd
account.  Using the '/./' convention is nice, in that it doesn't break
anything else (such as web servers etc).  The alternative is to have a
separate file specifying chrooted directories in /etc... bleah - too many
files in there already.

The only places I've seen it documented have been in wu-ftpd (well, if you
look through the code) and something in HP-UX (personally, I'm trying to
forget my experiences with that ;) )

Source for the version of wu-ftpd I run which chroots users to a specific
directory based on '/./' convention is at:


Note, if you are setting up a chroot'd area, on most Unixes you need to
have hard links to the real device files inside the chroot, otherwise
certain things (notably screen) break.  This means the chroot must be on
the root partition.  Obviously, mount as much as you can elsewhere...

NFS mounting user directories off the local machine is *not* a pleasant
solution, though it works if you have a restricted amount of HDD space and
you want to do multiple chroot'd areas.

Bruce. (paranoid bastard)

Who put his hand up for doing a PAM version of this quite a while ago and
hasn't gone through with releasing it.. :(
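
The '/./' home-directory convention discussed in this message, shown as an added example (not part of the original post, and not code from wu-ftpd or PAM). The function name `split_chroot_home`, the choice of the first "/./" as the split point, and the refusal of ".." components and of an empty chroot root are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from wu-ftpd or PAM. */
static int has_dotdot(const char *p)
{
    size_t n = strlen(p);
    return strstr(p, "/../") != NULL ||
           (n >= 3 && strcmp(p + n - 3, "/..") == 0);
}

/* Split a passwd home field such as "/chroot/dir/./start" at the first
 * "/./" marker (assumed split point). Returns 1 and fills root/start for
 * a chrooted account, 0 for an ordinary home, -1 if it must be refused. */
int split_chroot_home(const char *home, char *root, size_t rootsz,
                      char *start, size_t startsz)
{
    const char *mark;
    size_t rlen;
    if (home == NULL || home[0] != '/' || has_dotdot(home))
        return -1;                 /* relative path or ".." component */
    mark = strstr(home, "/./");
    if (mark == NULL)
        return 0;                  /* no marker: not a chrooted account */
    rlen = (size_t)(mark - home);
    if (rlen == 0 || rlen >= rootsz || strlen(mark + 2) >= startsz)
        return -1;                 /* "/./x" is no jail at all, or too long */
    memcpy(root, home, rlen);
    root[rlen] = '\0';
    strcpy(start, mark + 2);       /* keeps the leading '/', e.g. "/start" */
    return 1;
}

int main(void)
{
    /* Constructed sample home fields, not real accounts. */
    const char *s[] = { "/chroot/dir/./start", "/home/alice",
                        "/./home/bob", "/chroot/dir/./../../etc" };
    char root[256], start[256];

    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        int rc = split_chroot_home(s[i], root, sizeof root, start, sizeof start);
        if (rc == 1)
            printf("%s: chroot %s, chdir %s\n", s[i], root, start);
        else
            printf("%s: %s\n", s[i], rc ? "refused" : "not chrooted");
    }
    return 0;
}
```

A caller that gets 1 back would chroot() to `root`, chdir() to `start` inside the new root, and only then drop to the user's uid and gid.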

