Subject: Re: Chrooting user + pop daemon
To: David Brownlee <abs@netbsd.org>
From: =?iso-8859-1?Q?Grzegorz_'Silk'_Soba=F1ski?= <silk@go2.pl>
List: netbsd-help
Date: 08/22/2000 14:36:19
> On Thu, 10 Aug 2000, Kevin P. Neal wrote:
> 
> > He's saying that when you chroot(), your / is the directory you
> > chdir()'d to. So, you would need a /bin in your chroot "jail".
> > 
> Exactly so.
Ok, I have that now, in user dir he has /bin and hardlinks
to binaries.
But I don't know what user should be owner of that /bin
I can set it to that user, but he could accidentally remove
that directory, and maybe something else stupid :)

Or I can set it to some "master" user - "jail". He would
then own all /home/XXX/bin directories.

And I don't know which one is better for security reasons?

> > The next trick is getting the user into the jail when they log on. Only
> > root can do a chroot. 
> As Grzegorz initially mentioned - a modified login seems best.

I did it, and it works almost :) fine now.
I have login like that:
  if (!rootlogin)
    execlp ("/usr/sbin/chroot", "/usr/sbin/chroot", "-u", username,
            pwd->pw_dir, pwd->pw_shell, (char *)NULL);
  else ....

But the user can't logout :) - he gets "not a login shell"
Originally it's something like that:
  execlp (pwd->pw_shell, tbuf, (char *)NULL);
ex.       ="/bin/csh"     ="-csh"
I tried putting that "-shell" into execlp - ...pwd->pw_shell, tbuf, (char *)NULL);
But then the user didn't even get a shell,
he returned to login :(

Oxxxxxxx()===================================>
                        Grzegorz "Silk" Sobanski
                           e-mail: <silk@go2.pl>
Oxxxxxxx()===================================>
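
An added example, not part of the original message or of NetBSD's login: calling chroot(2) directly, instead of exec'ing /usr/sbin/chroot, lets the caller drop privileges itself and choose the "-csh" style argv[0] that marks a login shell. The names login_argv0 and jail_and_exec_shell are hypothetical, and the jail is assumed to be the user's home directory with the shell binary inside it, as in the message.

```c
#define _DEFAULT_SOURCE   /* exposes chroot() and initgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Login-shell argv[0]: "/bin/csh" -> "-csh". Returns buf, or NULL if it won't fit. */
char *login_argv0(const char *shell, char *buf, size_t size)
{
    const char *base = strrchr(shell, '/');
    base = base ? base + 1 : shell;
    if (*base == '\0' || strlen(base) + 2 > size)
        return NULL;
    buf[0] = '-';
    strcpy(buf + 1, base);
    return buf;
}

/* Hypothetical helper; call as root. Returns -1 on failure, never returns on success. */
int jail_and_exec_shell(const struct passwd *pwd)
{
    char tbuf[64];

    if (pwd->pw_uid == 0 || !login_argv0(pwd->pw_shell, tbuf, sizeof tbuf))
        return -1;
    /* Set groups while the real /etc/group is still visible. */
    if (initgroups(pwd->pw_name, pwd->pw_gid) != 0 || setgid(pwd->pw_gid) != 0)
        return -1;
    /* chroot() needs root, so enter the jail before giving up the uid. */
    if (chroot(pwd->pw_dir) != 0 || chdir("/") != 0)
        return -1;
    /* Drop root for good and confirm it cannot be regained. */
    if (setuid(pwd->pw_uid) != 0 || setuid(0) == 0)
        return -1;
    /* Path is resolved inside the jail; argv[0] "-csh" marks a login shell. */
    execl(pwd->pw_shell, tbuf, (char *)NULL);
    return -1;
}

int main(int argc, char **argv)
{
    struct passwd *pwd = argc == 2 ? getpwnam(argv[1]) : NULL;

    if (pwd == NULL || jail_and_exec_shell(pwd) != 0)
        fprintf(stderr, "failed; usage (as root): %s username\n", argv[0]);
    return 1;
}
```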