I have installed the openssh-portable version with the chroot patch
enabled. Since I want to give only a limited set of commands to the
account I copied the required binaries and libs to the chroot dir. I can
login and execute whatever binary I have included into the chroot
environment. However, I am facing several undesired side effects:
-) The numeric uid's do not get mapped to their login names, but gid's do:
$ pwd
/
$ ls -al
total 96
drwxr-xr-x 8 0 wheel 512 Dec 21 17:41 .
drwxr-xr-x 8 0 wheel 512 Dec 21 17:41 ..
dr-x--x--x 2 0 wheel 512 Dec 21 16:53 bin
drwxr-xr-x 2 0 wheel 512 Dec 21 17:42 dev
dr-xr-xr-x 2 0 wheel 512 Dec 21 16:54 etc
drwxr-xr-x 4 1003 mygroup 512 Dec 21 16:47 home
dr-x--x--x 2 0 wheel 512 Dec 21 16:47 lib
dr-x--x--x 2 0 wheel 512 Dec 21 16:47 libexec
I have included modified versions of passwd and group in the chroot /etc
dir:
/etc/passwd:
root:*:0:0:Root User:/:/dev/null
myuser:*:1003:1001:Chroot User:/home:/bin/sh
/etc/group:
wheel:*:0:root
mygroup:*1001:
-) I do get funny characters printed when typing a backspce, hitting
delete or entering CTRL-D to exit the shell.
Here's how I set up the chroot environment (OS is FreeBSD 5.3):
dr-x--x--x bin
-r-x--x--x bin/chmod
-r-x--x--x bin/ls
-r-x--x--x bin/sh
drwxr-xr-x dev
crwxr-xr-x 2,2 dev/null
dr-xr-xr-x etc
-rw-r--r-- etc/group
-rw-r--r-- etc/passwd
dr-x--x--x lib
-r--r--r-- lib/libc.so.5
-r--r--r-- lib/libedit.so.4
-r--r--r-- lib/libncurses.so.5
dr-x--x--x libexec
-r--r--r-- libexec/ld-elf.so.1
I assume both observations are connected to each other. What am I missing
here to build a minimal but fully functional environment? Any comments are
greatly appreciated. Dave.
