Rafal 'Raf256' Maj wrote:
> Hi,
> I would like to allow a user to log into my box via SSH and run povray there.
>
> It's important to deny the user the ability to do anything "evil", including
> accessing the internet, running other applications, etc.
>
> He can only log in, up/download his own files, run povray (and moray), and use
> kill/top/ps.
>
> How can I make something like this? For example, on Debian.
>
>
The problem with chroot on modern unixes is that they tend to have a lot
of shared libraries and simply copying executables into ~/bin and chrooting
to ~/ doesn't work because the shared libs are outside of the jail.
At a minimum you need a statically linked shell inside the jail; many
systems have a /bin/bash_static or similar for emergencies. Then you need
to build pov statically linked also, and any other utils you want to
provide.
This little test worked for me:
billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
chroot: cannot run command `/bin/bash_static': No such file or directory
billh@Tarragon ~ $ cp /bin/bash_static ~/bin
billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
I have no name!@Tarragon / # ls
bash_static: ls: command not found
--
Bill Hails
http://thyme.homelinux.net/
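
The shared-library problem described in the reply above, as an added example that is not part of the original post: a shell script that reads `ldd` output for a binary and lists the libraries that are missing from the jail directory. The function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find the shared objects a
# dynamically linked binary needs that are absent from a chroot jail.
# Function names are hypothetical; SAMPLE_LDD is constructed sample output.

# Read ldd-style output on stdin and print the absolute library paths.
# Handles "name => /path (addr)" lines and the bare loader line
# "/lib64/ld-linux-x86-64.so.2 (addr)". Virtual entries (linux-vdso),
# "not found" entries and "not a dynamic executable" yield nothing.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    '
}

# Read absolute paths on stdin and print those that do not exist under
# the jail root given as $1. Inside the chroot, /lib/x.so resolves to
# $jail/lib/x.so, so that is the location checked.
missing_in_jail() {
    jail=$1
    while IFS= read -r p; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# Constructed sample of ldd output for a dynamically linked program.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc00000000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f0000200000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)
    libfoo.so.1 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f0000400000)'

# Usage: script JAIL BINARY
# Run ldd only on binaries you trust: on some systems it works by
# invoking the program's loader.
if [ "$#" -eq 2 ]; then
    ldd "$2" | ldd_paths | missing_in_jail "$1"
fi
```

An empty result for a binary means either every dependency is already in the jail or the binary is statically linked, which is the case the reply recommends.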