
Using '*' in /etc/passwd to chroot a login


Alex Pakter

Jul 11, 1995, 3:00:00 AM
According to the HP man page for login(1), if you put a '*' in the program
field in /etc/login, the system will chroot to the home directory in that
directory, and re-exec the login.

-----------man page excerpt-------------------
If the command name field is *, a chroot() to the directory named in
the directory field of the entry is performed. At that point login is
re-executed at the new level which must have its own root structure,
including /bin/login and /etc/passwd.
-----------------------------------------------------

So I did it all. Created a new root directory structure with /etc/passwd,
/etc/group, a pared down /bin, and a series of other pretty files. But I can't
get it to work. I keep getting the following error:

---------------------begin error dialog-------------------------
# telnet localhost
Trying...
Connected to localhost.omnitel.it.
Escape character is '^]'.

HP-UX omih003 A.09.04 E 9000/887 (ttypd)

login: testuser
Password:
Subsystem root: /usr/local/named
login: testuser
Login incorrect
login: testuser
Login incorrect
login: testuser
Login incorrect
Connection closed by foreign host.
#

-------------------end dialog---------------------

"Login incorrect" ??? It didn't even ask me for a password!

Does anyone know anything about this?

Alex | Alex Pakter - UNIX systems analyst
---- | Omnitel Pronto Italia - Milano, Italy
| Internet Mail: Alex....@omnitel.it
| WWW Home Page: http://idiom.com/~alex (in progress)


Alex Pakter

Jul 11, 1995, 3:00:00 AM
Well, it looks like I spoke too soon. I found two problems:
1) You need to have a (fairly) complete /dev directory under your
chroot'ed tree, including the most important /dev/tty
2) This is a good one: The real /etc/utmp and the one in your chroot'ed tree
must be the same file! Naturally, a symlink won't work (unless you
make the one in the REAL /etc the symlink -- I wouldn't recommend
it), so you need to use a hard link. Which means the chrooted
file has to be on the root file system.

Other than this last restriction, it seems to work...

Alex
----


Frank Slootweg

Jul 12, 1995, 3:00:00 AM

What do you mean by "Which means the chrooted file has to be on the
root file system."?

If you mean that /usr/local/named/etc/utmp should be on the root file
system, then yes, but since it is a hard link, it hardly takes any
additional space. However /usr/local/named/users/testuser, and hence,
/usr/local/named/users/testuser/verybigfile, can be on another file
system, because /usr/local/named/users can be a mountpoint. Put in other
words:

/usr/local/named/etc     \
/usr/local/named/bin      \
/usr/local/named/dev       > must be on the root file system
/usr/local/named/users    /
etc.                     /

/usr/local/named/users/user1 \
....                          > can be on another file system
/usr/local/named/users/usern /
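
A pre-flight check for the requirements collected in this thread (the man page's /bin/login and /etc/passwd, plus the /dev/tty and hard-linked utmp points from the follow-ups), as an added example that is not part of any poster's message. The function name check_subroot and its optional REALROOT argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for a login(1) '*' subsystem root.
# check_subroot and its REALROOT argument are hypothetical names.
#
# usage: check_subroot SUBROOT [REALROOT]
#   REALROOT defaults to "" (the real /); it exists only so the check can
#   be exercised against a constructed tree.
# Prints one "FINDING:" line per problem and returns the number of findings.
check_subroot() {
    sub=$1
    real=${2:-}
    findings=0

    note() {
        echo "FINDING: $*"
        findings=$((findings + 1))
    }

    # Man page excerpt: the new level needs its own /bin/login and /etc/passwd.
    [ -x "$sub/bin/login" ]  || note "bin/login missing or not executable"
    [ -f "$sub/etc/passwd" ] || note "etc/passwd missing"

    # First follow-up point: /dev/tty must exist inside the tree as a device.
    [ -c "$sub/dev/tty" ] || note "dev/tty is not a character device"

    # Second follow-up point: etc/utmp must be the very same file as the
    # real /etc/utmp. A symlink is rejected first, because -ef follows links
    # and a link target would resolve differently after chroot().
    if [ -L "$sub/etc/utmp" ]; then
        note "etc/utmp is a symlink"
    elif [ ! "$sub/etc/utmp" -ef "$real/etc/utmp" ]; then
        note "etc/utmp is not a hard link to $real/etc/utmp"
    fi

    return "$findings"
}

# Example call for the tree named in the thread:
#   check_subroot /usr/local/named
```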
