On Sun, 4 Jun 2006, Maciej Żenczykowski wrote:

> I think the classic solution is to patch ssh (trivial patch, search around on
> the internet...) with the chroot on /./ in home directory patch, then make a
> user's home directory /home/user/./home/user copying (linking) all needed libs
> and binaries into /home/user/{bin,lib,usr,...}
>
> Not the best solution but it works...

In case you're interested I just tried this out with the CentOS4 sshd and the resulting rpms are available at http://tcs.ii.uj.edu.pl/~buildcentos/chrootssh/

This is a clean (hopefully) rebuild of the openssh from CentOS4.3 with the extra couple line chroot on ssh patch added in.

All you need to do is make a user's home dir contain /./ and he'll be chrooted to that spot after password verification.

Please note - if there is insufficient stuff in there to run his default shell then it'll bomb and log back out immediately...

Here's a list of files which I copied and managed to start up a bash shell:

The files needed to start up bash (i.e. ldd `which bash`):
  /bin
  /bin/bash
  /lib
  /lib/libdl-2.3.4.so
  /lib/ld-2.3.4.so
  /lib/libtermcap.so.2.0.8
  /lib/tls
  /lib/tls/libc.so.6
  /lib/tls/libc-2.3.4.so
  /lib/ld-linux.so.2
  /lib/libtermcap.so.2
  /lib/libdl.so.2

And, seemingly needed by sshd (sad that it can't use the normal /etc/passwd):
  /etc
  /etc/passwd - just the line with the logging in user needed

Possibly also useful, though not strictly needed:
  /dev
  /dev/zero
  /dev/null
  /dev/console
  /dev/tty

Cheers,
MaZe.
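The jail setup described in the message above, as an added example that is not part of the original post or of the patched openssh: a script that copies a shell and the libraries ldd reports for it into the chroot root. The function names, the sample ldd text and the rule of splitting the home field at the first "/./" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Function names and the
# first-"/./" split rule are assumptions for illustration.

# Constructed sample of ldd output, in the shape ldd prints for bash.
SAMPLE_LDD='	linux-gate.so.1 =>  (0xffffe000)
	libtermcap.so.2 => /lib/libtermcap.so.2 (0x00b5e000)
	libc.so.6 => /lib/tls/libc.so.6 (0x0094d000)
	/lib/ld-linux.so.2 (0x00930000)'

# Split a passwd home field at the first "/./":
# prints "<chroot root> <home inside the chroot>", fails if no marker.
split_home() {
    case "$1" in
        */./*) printf '%s %s\n' "${1%%/./*}" "/${1#*/./}" ;;
        *)     return 1 ;;   # no marker: this user would not be chrooted
    esac
}

# Read ldd output on stdin, print only the absolute library paths.
# Entries with no path (linux-gate, "not found") are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# Read passwd lines on stdin, keep only the named user's entry.
passwd_line() {
    awk -F: -v u="$1" '$1 == u'
}

# populate_jail <chroot root> <binary>...
# Copies each binary and its libraries to the same path under the root.
populate_jail() {
    jail=$1; shift
    for bin in "$@"; do
        for f in "$bin" $(ldd "$bin" 2>/dev/null | ldd_paths); do
            mkdir -p "$jail$(dirname "$f")"
            cp -L "$f" "$jail$f"   # -L: copy the file behind a symlink
        done
    done
}

# Usage: sh mkjail.sh /home/user /bin/bash
if [ "$#" -ge 2 ]; then
    populate_jail "$@"
fi
```

The one-line /etc/passwd from the message can be produced with `passwd_line user < /etc/passwd`; the /dev nodes need mknod as root and are left out here.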