Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!virtech!cpcahil
From: cpcahil@virtech.uucp (Conor P. Cahill)
Newsgroups: comp.unix.i386
Subject: Re: chroot(1M)
Message-ID: <1989Nov28.134104.6252@virtech.uucp>
Date: 28 Nov 89 13:41:04 GMT
References: <10358@attctc.Dallas.TX.US>
Organization: Virtual Technologies Inc.
Lines: 44

In article <10358@attctc.Dallas.TX.US>, toma@attctc.Dallas.TX.US (Tom Armistead) writes:
> Could I get some help on the usage of the chroot command???
> 
> What I want to do is set up different root directories for different groups
> of users on the same machine such that groupa uses /usr as it root, groupb
> uses /usr2 as its root, etc...
> 
> Can I do this with chroot command???
> 
> Any help would be greatly appreciated!

A clean way to do this is to use a little known function of login (yes, it 
is documented).  If login sees an * as the login shell for a particular user,
it will chroot to the user's directory and re-execute /etc/login.

Create an entry in the /etc/passwd file with a "*" as the login shell and
the root of the sub-file system as it's login directory.  For example:

	group2:x:999:99:Xenix login:/f:*

This tells login to chroot to /f and then re-execute itself so the 
user has to login with the real login id and password for that 
root.  Note that passwords used for this login will be in /f/etc/passwd or
/f/etc/shadow.

I usually make the password for group2 null, so the user doesn't have
to know two passwords.  This will require you to have a full root
on each file system you wish to be able to use this on.


Using this you will see something like:

	386/ix...

	login: group2
	Subsystem root: /f
	login:			<-- This login is on /f


-- 
+-----------------------------------------------------------------------+
| Conor P. Cahill     uunet!virtech!cpcahil      	703-430-9247	!
| Virtual Technologies Inc.,    P. O. Box 876,   Sterling, VA 22170     |
+-----------------------------------------------------------------------+