  Re: Pov via SSH in chroot jail?  
From: Bill Hails
Date: 25 Nov 2004 20:10:04
Message: <41a6826c@news.povray.org>
Rafal 'Raf256' Maj wrote:

> Hi,
> I would like to allow a user to log into my box via SSH and run povray there.
> 
> It's important to prevent the user from doing anything "evil", including
> accessing the internet, running other applications, etc.
> 
> He can only log in, up/download his own files, run povray (and moray), and use
> kill/top/ps.
> 
> How can I make something like this? For example, on Debian.
> 
> 

The problem with chroot on modern unixes is that they tend to have a lot
of shared libraries and simply copying executables into ~/bin and chrooting
to ~/ doesn't work because the shared libs are outside of the jail.
At a minimum you need a statically linked shell inside the jail; many
systems have a /bin/bash_static or similar for emergencies. Then you need
to build pov statically linked also, and any other utils you want to
provide.

This little test worked for me:

billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
chroot: cannot run command `/bin/bash_static': No such file or directory
billh@Tarragon ~ $ cp /bin/bash_static ~/bin
billh@Tarragon ~ $ sudo chroot ~/ /bin/bash_static
I have no name!@Tarragon / # ls
bash_static: ls: command not found

-- 
Bill Hails
http://thyme.homelinux.net/
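
The shared-library problem described in the post above, as an added example that is not part of the original message: a shell script that lists the libraries a dynamically linked binary needs but that are absent from a jail directory. The function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find shared libraries that a
# binary needs but that are missing under a chroot jail root.
# Run ldd only on binaries you trust: on some systems it can execute them.

# Constructed sample of `ldd` output for a dynamically linked program.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd1a5f2000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f3a1c000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a1be00000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f3a1c200000)'

# Read `ldd` output on stdin, print the absolute path of every file it names.
# "name => /path (addr)" lines give the path in field 3; the dynamic loader
# appears as "/path (addr)". linux-vdso has no file on disk and is skipped,
# as is the "not a dynamic executable" line printed for static binaries.
ldd_paths() {
    awk '
        /=> \//     { print $3; next }
        /^[ \t]*\// { print $1 }
    '
}

# Read paths on stdin, print those that do not exist under jail root $1.
missing_in_jail() {
    root=$1
    while IFS= read -r lib; do
        [ -e "$root$lib" ] || printf '%s\n' "$lib"
    done
}

# jail_report JAIL BINARY: libraries BINARY needs that JAIL lacks.
# Empty output means the binary is static or every library is present.
jail_report() {
    ldd "$2" 2>/dev/null | ldd_paths | missing_in_jail "$1"
}

# Stand-alone use: sh jailcheck.sh /path/to/jail /usr/bin/program
if [ "$#" -eq 2 ]; then
    jail_report "$1" "$2"
fi
```

A missing dynamic loader inside the jail makes the kernel report "No such file or directory" for the program itself, the same message shown in the session above for a missing binary, so an empty report for every program placed in the jail is worth confirming before giving a user access.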



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.