# Chroot Shell question

## Yamakasi

Hi,

Is it possible to chroot a user shell by default?

Thanks

----------

## li1_getoo

Why would you wanna do that? I don't think it is safe.

----------

## dreamer3

*Yamakasi wrote:*

> Is it possible to chroot a user shell by default?

 

Possible?... quite possibly.

Practical or sensible?  Quite possibly not.

What are you trying to accomplish?

----------

## Yamakasi

I'm trading shells with some people.

I don't want them to see my configuration files and stuff... I want them jailed into their directory only.

Does it make sense?

thanks

----------

## dreamer3

*Yamakasi wrote:*

> I'm trading shells with some people.
>
> I don't want them to see my configuration files and stuff... I want them jailed into their directory only.
> 
> Does it make sense?
> ...

 

If they are jailed into their own directory then they can't do ANYTHING at all; the executables and stuff are OUTSIDE of their directory... I'm sure that isn't what they had in mind when they asked to swap accounts.

I wouldn't give anyone an account on my box if I couldn't trust them enough with standard good security practices.

If you're afraid of them seeing certain config files, just adjust the permissions appropriately... but be careful because some config files are NEEDED for Linux to really work as expected... passwd, resolv.conf, groups, hosts, etc...

----------

## Rroet

hehhee, try this one:

emerge jail 

and read the jail howto's.

the homepage of jail, with some install help:

http://www.gsyc.inf.uc3m.es/~assman/jail/

----------

## indros

A day late and a dollar short, however,

Link /bin/bash to /bin/rbash, and change the user's shell to /bin/rbash. I think that is the behavior you are trying to do.

----------

## PimpNasty

I think what Yamakasi wants is to have it appear to the user when they log in like they are on a very empty filesystem... you will need to either compile sys-apps/shadow (if I remember correctly) without PAM support or also include PAM in the chroot environment.

Chroot shells are secure because you only include binaries that you want in the chroot environment.  You can chroot services like Apache for security reasons if you desire.

A nice HOWTO for chroot login.

http://tjw.org/chroot-login-HOWTO/

----------
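The following is an added example, not part of any post in this thread: shell functions that populate a chroot directory with only the binaries you name plus the shared libraries `ldd` reports for them, which is what the posts above mean by a jail that contains only what you put into it. The function names and the directory layout are assumptions chosen for illustration, and binaries must be given as absolute paths.

```shell
#!/bin/sh
# Added example: populate a chroot with named binaries and their libraries.
# Function names and layout are illustrative assumptions.

# list_libs BINARY: print absolute paths of the shared objects BINARY loads.
# ldd lines look like "libc.so.6 => /lib/libc.so.6 (0x...)" or
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; static binaries print no paths.
# Only run ldd on binaries you trust.
list_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }'
}

# copy_into_jail JAIL FILE: copy FILE to the same absolute path below JAIL,
# following symlinks so nothing in the jail points back outside it.
copy_into_jail() {
    dest="$1$2"
    if [ ! -e "$dest" ]; then
        mkdir -p "$(dirname "$dest")"
        cp -L "$2" "$dest"
    fi
}

# build_jail JAIL BINARY...: create JAIL holding only the listed binaries,
# the libraries they need, and the resolver files name lookups depend on.
# /etc/passwd is deliberately not copied; write a stripped one by hand.
build_jail() {
    jail_root=$1
    shift
    mkdir -p "$jail_root/etc" "$jail_root/home" "$jail_root/tmp"
    chmod 1777 "$jail_root/tmp"
    for bin in "$@"; do
        if [ ! -x "$bin" ]; then
            echo "skipping $bin: not an executable file" >&2
            continue
        fi
        copy_into_jail "$jail_root" "$bin"
        for lib in $(list_libs "$bin"); do
            copy_into_jail "$jail_root" "$lib"
        done
    done
    for conf in /etc/hosts /etc/resolv.conf; do
        if [ -r "$conf" ]; then
            copy_into_jail "$jail_root" "$conf"
        fi
    done
}
```

Entering the jail needs root (`chroot JAIL /bin/sh`), and a process that keeps root inside a chroot can get back out, so the jailed shell should run as an unprivileged user.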

