den Source gibt es schon noch:
[src=c]/*
* chrlogin.c -- chroot login
* acts as login shell in /etc/passwd for a user who has to completely
* live in a chroot environment
*
* Harald Weidner <hweidner@gmx.net>
* First release: 1999-06-30
* Last update: 2002-09-01
*
* Installation:
* compile: gcc -Wall -O2 -s chrlogin.c -o chrlogin
* install: cp to /usr/local/sbin, chown root, chmod 4755
* create chroot directory (here: /home/chroot)
* create base file system under /home/chroot
* DISABLE all setuid root binaries under /home/chroot !!!
*
* Install a user:
* create a user using 'adduser'; set password with 'passwd'
* set /usr/local/sbin/chrlogin als login shell for that user in /etc/passwd
* create a user in the chroot-Environment
* (e.g. by filling out /home/chroot/etc/passwd and creating
* /home/chroot/home/<username> by hand; that user should have the same
* uid and gid as in /etc/passwd; login shell must be /bin/bash)
*
* This code is released under the terms of the GNU General Public
* License (GPL). THERE IS NO WARRANTY! USE AT YOUR OWN RISK!
* See http://www.fsf.org/licenses/gpl.html for the full text of the GPL.
*/
/* ----- Configuration parameters ---------------------------------------- */
/* shell for chroot'ed users */
#define SHELL "/bin/bash"
/* chroot directory level
* This parameter defines, how many subdirs, beginning from the
* root directory /, are treated as the root of the chroot environment.
* Example:
* with CHROOT_LEVEL of 2, /home/chroot/home/joe means:
* 0 1 2 3
* /home/chroot is the chroot base directory,
* /home/joe is the home directory within the chroot environment
*/
#define CHROOT_LEVEL 2
/* ----- End of configuration parameters --------------------------------- */
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <pwd.h>
#include <sys/types.h>
#include <sys/stat.h>
#define MAX_STRING 1024
int main(int argc, char *argv[], char *envp[])
{
int real_user = getuid();
struct passwd *pw_ent = NULL;
struct stat stat_buf;
char *p;
int cnt;
char home_dir[MAX_STRING], shell[MAX_STRING], chroot_dir[MAX_STRING];
/* sanity checks */
if(geteuid() != 0) {
fprintf(stderr, "%s: This program needs to be setuid root.\n",
argv[0]);
exit(-1);
}
if(real_user == 0) {
fprintf(stderr, "%s: The target user must not be root.\n",
argv[0]);
exit(-1);
}
/* look up user in system's /etc/passwd */
if((pw_ent = getpwuid(real_user)) == NULL) {
fprintf(stderr, "%s: User #%d does not exit in /etc/passwd.\n",
argv[0], real_user);
exit(-1);
}
/* check home directory */
strncpy(chroot_dir, pw_ent->pw_dir, MAX_STRING - 1);
chroot_dir[MAX_STRING] = 0;
if(chroot_dir[0] != '/') {
fprintf(stderr, "%s: Home directory %s does not begin with '/'.\n",
argv[0], chroot_dir);
}
if(stat(chroot_dir, &stat_buf) != 0) {
fprintf(stderr, "%s: Home directory %s does not exist:\n%s\n",
argv[0], chroot_dir, strerror(errno));
}
/* extract chroot directory */
for(p = chroot_dir, cnt = -1 ; *p; p++) {
if(*p == '/')
cnt++;
if(cnt == CHROOT_LEVEL) {
*p = 0;
break;
}
}
if(cnt < CHROOT_LEVEL) {
fprintf(stderr, "%s: Home directory %s is too short to reach "
"chroot shell level %d.\n",
argv[0], chroot_dir, CHROOT_LEVEL);
exit(-1);
}
/* check existance of SHELL */
strncpy(shell, chroot_dir, MAX_STRING);
strncat(shell, SHELL, MAX_STRING - strlen(shell));
if(stat(shell, &stat_buf) != 0) {
fprintf(stderr, "%s: Could not access login shell %s:\n%s\n",
argv[0], shell, strerror(errno));
exit(-1);
}
if(!S_ISREG(stat_buf.st_mode)) {
fprintf(stderr, "%s: Login shell %s must be a regular file.\n",
argv[0], shell);
exit(-1);
}
/* enter chroot environment */
if(chdir(chroot_dir) != 0) {
fprintf(stderr,
"%s: Could not chdir() to new root directory %s:\n%s\n",
argv[0], chroot_dir, strerror(errno));
exit(-1);
}
if(chroot(chroot_dir) != 0) {
fprintf(stderr,
"%s: Could not chroot() to new root directory %s:\n%s\n",
argv[0], chroot_dir, strerror(errno));
exit(-1);
}
setuid(real_user);
/* look up user in chroot's /etc/passwd */
if((pw_ent = getpwuid(real_user)) == NULL) {
fprintf(stderr, "%s: Could not find user #%d in chroot's /etc/passwd.\n",
argv[0], real_user);
exit(-1);
}
/* change to users home directory */
if(chdir(pw_ent->pw_dir) != 0) {
fprintf(stderr,
"%s: Could not chdir to new home directory %s for user #%d:\n%s\n",
argv[0], pw_ent->pw_dir, real_user, strerror(errno));
exit(-1);
}
/* adapt command name */
argv[0] = pw_ent->pw_shell;
/* adapt HOME environment variable */
strcpy(home_dir, "HOME=");
strncat(home_dir, pw_ent->pw_dir, MAX_STRING - strlen(home_dir));
putenv(home_dir);
/* execute shell */
execve(SHELL, argv, envp);
return 0;
}[/src]
Oder das Toolkit hier:
https://olivier.sessink.nl/jailkit/index.html#intro
kommt vor allem auch darauf an wie dein User eigentlich zugreifen soll.
per ssh oder interaktiv am pc?