Tuesday, October 12, 2004

A small how-to on how to chroot a user in bash shell

I know I have been bad at keeping promises, but this is how to chroot in bash shell.

First and foremost, become root, or else use sudo for each step.

A few assumptions before I start:

juser : username of the user who logs in to the chrooted BASH shell
jailed : group the above user belongs to :)

1. Create a new shell file as

/bin/chroot-sh

Contents of /bin/chroot-sh are

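#!/bin/bash
# Login shell wrapper: chroot the user into /home/$USER, then su to that user inside the jail.
# chroot needs root, hence the sudo.
if [ "$1" = "-c" ]; then
    # Invoked as "chroot-sh -c <command>": drop the -c and pass the rest on as the command.
    shift
    PARAMS="$*"
    sudo /usr/sbin/chroot "/home/$USER" /bin/su - "$USER" -c "$PARAMS"
else
    # Interactive login: start a login shell inside the jail.
    sudo /usr/sbin/chroot "/home/$USER" /bin/su - "$USER"
fi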

2. Add the user, specifying the shell created in step 1:

# useradd -d /home/juser -s /bin/chroot-sh juser

3. Create the directories the user will see, as below.
mkdir /home/juser
mkdir /home/juser/etc
mkdir /home/juser/dev
mkdir /home/juser/bin
mkdir /home/juser/lib
mkdir /home/juser/usr
mkdir /home/juser/usr/bin
mkdir /home/juser/home
chown juser:jailed /home/juser/home

4. A dummy password and group file for the user
/home/juser/etc/passwd
root:x:0:0::/:/bin/bash
juser:x:1004:1004::/home:/bin/bash

/home/juser/etc/group

root:x:0:
jailed:x:1004:

5. Copy the required files and the libraries they are linked against (ldd lists them).

cp /bin/bash /home/juser/bin/

ldd /bin/bash

cp /bin/su /home/juser/bin/
ldd /bin/su

6. Install fileutils, aka the file manipulation commands

cd /bin;
cp ln ls rm mv cp du /home/juser/bin/
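
Steps 5 and 6 copy binaries into the jail, but each one also needs the shared libraries that ldd lists, at the same paths under /home/juser. The script below is an added example, not part of the original post, that copies a binary together with those libraries; the function names list_libs and copy_into_jail are made up here.

```shell
#!/bin/sh
# Added example (not from the original post): populate a chroot jail with
# binaries and the shared libraries they depend on.
# list_libs and copy_into_jail are hypothetical helper names.

# Print the absolute path of every shared object a binary needs.
list_libs() {
    # Typical ldd lines:
    #   libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)
    #   /lib64/ld-linux-x86-64.so.2 (0x...)
    #   linux-vdso.so.1 (0x...)      <- virtual object, no file to copy
    # Static binaries and "not found" entries produce no output here.
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }'
}

# copy_into_jail JAIL BINARY...
# Copies each binary and its libraries to the same path below JAIL.
copy_into_jail() {
    cij_jail=$1
    shift
    for cij_bin in "$@"; do
        if [ ! -x "$cij_bin" ]; then
            echo "copy_into_jail: $cij_bin is not an executable file" >&2
            return 1
        fi
        mkdir -p "$cij_jail$(dirname "$cij_bin")"
        # -L copies the file a symlink points to, not the link itself.
        cp -L "$cij_bin" "$cij_jail$cij_bin"
        list_libs "$cij_bin" | while read -r cij_lib; do
            mkdir -p "$cij_jail$(dirname "$cij_lib")"
            cp -L "$cij_lib" "$cij_jail$cij_lib"
        done
    done
}

# Usage for the jail built on this page (run as root):
#   copy_into_jail /home/juser /bin/bash /bin/su /bin/ls /bin/cp
```

Run it as root so the copies stay root-owned and only /home/juser/home belongs to juser, as in step 3.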

That's it; you can give him telnet / ssh access now.

Hope it helps you all.

Till the next post take care and have a great time.