On Sun, 4 Jun 2006, Maciej Żenczykowski wrote:
> I think the classic solution is to patch ssh (trivial patch, search around on the internet...) with the chroot on /./ in home directory patch, then make a user's home directory /home/user/./home/user copying (linking) all needed libs and binaries into /home/user/{bin,lib,usr,...}
> Not the best solution but it works...
In case you're interested I just tried this out with the CentOS4 sshd and the resulting rpms are available at http://tcs.ii.uj.edu.pl/~buildcentos/chrootssh/
This is a clean (hopefully) rebuild of the openssh from CentOS4.3 with the extra couple line chroot on ssh patch added in.
All you need to do is make a user's home dir contain /./ and he'll be chrooted to that spot after password verification. Please note - if there is insufficient stuff in there to run his default shell then it'll bomb and log back out immediately...
Here's a list of files which I copied and managed to start up a bash shell:
The files needed to start up bash (i.e. ldd `which bash`):
  /bin
  /bin/bash
  /lib
  /lib/libdl-2.3.4.so
  /lib/ld-2.3.4.so
  /lib/libtermcap.so.2.0.8
  /lib/tls
  /lib/tls/libc.so.6
  /lib/tls/libc-2.3.4.so
  /lib/ld-linux.so.2
  /lib/libtermcap.so.2
  /lib/libdl.so.2
And, seemingly needed by sshd (sad that it can't use the normal /etc/passwd):
  /etc
  /etc/passwd - just the line with the logging in user needed
Possibly also useful, though not strictly needed:
  /dev
  /dev/zero
  /dev/null
  /dev/console
  /dev/tty
Cheers, MaZe.
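
Added example, not part of the original message or of the chroot patch: a shell sketch that fills a "/./" chroot with the shell, its `ldd` libraries and the single passwd line, then checks that nothing a login needs is missing (the case where the session would log straight back out). Function names and the sample paths are assumptions; the optional /dev nodes are left out because creating them needs mknod as root.

```shell
#!/bin/sh
# Added example (constructed; function names and paths are assumptions).

# Print the chroot root for a home field containing "/./"; fail if it has none.
chroot_root() {
    case "$1" in
        */./*) printf '%s\n' "${1%%/./*}" ;;
        *) return 1 ;;
    esac
}

# Read `ldd` output on stdin and print each absolute library path once.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' | LC_ALL=C sort -u
}

# Copy a binary and the libraries it links against into DEST, keeping paths.
copy_with_libs() {  # usage: copy_with_libs DEST /bin/bash
    dest=$1; bin=$2
    for f in "$bin" $(ldd "$bin" | ldd_paths); do
        mkdir -p "$dest$(dirname "$f")"
        cp -L "$f" "$dest$f"
    done
}

# Put only the logging-in user's passwd line into DEST/etc/passwd.
copy_passwd_line() {  # usage: copy_passwd_line DEST USER [PASSWD_FILE]
    mkdir -p "$1/etc"
    grep "^$2:" "${3:-/etc/passwd}" > "$1/etc/passwd"
}

# Print files a login needs that are absent under DEST; non-zero if any.
missing_in_chroot() {  # usage: missing_in_chroot DEST /bin/bash
    rc=0
    for f in "$2" $(ldd "$2" | ldd_paths) /etc/passwd; do
        [ -e "$1$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# Typical run as root for a user whose home is /home/user/./home/user:
#   jail=$(chroot_root /home/user/./home/user)
#   copy_with_libs "$jail" /bin/bash && copy_passwd_line "$jail" user
#   missing_in_chroot "$jail" /bin/bash   # prints nothing when complete
```

Running `missing_in_chroot` again after a glibc or bash update shows whether the copied libraries still cover what the shell links against.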