Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!decwrl!hayes.ims.alaska.edu!accuvax.nwu.edu!casbah.acns.nwu.edu!wargaski
From: wargaski@casbah.acns.nwu.edu (Robert E. Wargaski Jr.)
Newsgroups: comp.unix.aix
Subject: need help with chroot on RS/6000 with AIX 3.1
Message-ID: <565@casbah.acns.nwu.edu>
Date: 16 Oct 90 22:49:53 GMT
Sender: news@casbah.acns.nwu.edu
Reply-To: wargaski@casbah.acns.nwu.edu (Robert E. Wargaski Jr.)
Organization: Northwestern University
Lines: 64

Folks,

A professor here asked me to write a login program which would give
restricted access to the filesystem.  I came up with the following:

/*
 * This program sets up a restricted filesystem in a target subdirectory.
 * REW, 14 Oct 90
 *
 * Modified for use with the IBM RS/6000 on 16 Oct 90
 */
#include <stdio.h>
#include <unistd.h>

#define targetdir "/usr1/gail/tmp"
#define uid 207
#define gid 10
#define shell "bin/csh"

int main ()
{
    /* Enter the target directory, then make it the new root. */
    if (chdir (targetdir) != 0 || chroot (targetdir) != 0) {
        perror (targetdir);
        return 1;
    }
    /* Drop the group before the user: once the uid is no longer root,
     * setregid() is refused and the process would keep its old gid. */
    if (setregid (gid, gid) != 0 || setreuid (uid, uid) != 0) {
        perror ("drop privileges");
        return 1;
    }
    /* Relative path: the working directory is now the new root. */
    execl (shell, shell, (char *)0);
    perror (shell);             /* reached only if execl() fails */
    return 1;
}

I got the binary to work, but when the user logs in, he can't do things
like ls (I have ls in the bin directory), cf.:

Script command is started on Tue Oct 16 17:42:12 1990
1 Ribm> telnet localhost
Trying...
Connected to loopback.
Escape character is '^T'.

AIX telnet (eccles.psych.nwu.edu)

login: expt
Password:
aix 3.1, one patch.
% ls -l
Killed
% Connection closed by foreign host.
2 Ribm> exit

Script command is complete on Tue Oct 16 17:42:35 1990

So, my question is: what files and/or devices do I have to put in this
mini-filesystem to get this thing to work?  When I read the info page for
chroot(1), it gave me the mind-bogglingly useful line:

    It is your responsibility to ensure that all vital data files are
    present in the new root file system and that the path names accessing
    such files are changed as necessary.

Help!

Regards,
Rob Wargaski

-- 
Robert E. Wargaski Jr.               This is stupid. -- Vila
wargaski@nwu.edu                     When did that ever stop us. -- Avon
ACNS DSS, Northwestern University    Moooo!
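
Added example, not part of the original post: one way to find out which files a program needs inside a chroot tree, by listing its shared-library dependencies and checking each one under the new root. It assumes a system that provides ldd(1); the function names jail_needs, jail_missing and jail_install are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes ldd(1) is available.
# Run ldd only on binaries you trust: it may invoke the program's loader.
# Paths containing whitespace are not handled.

# jail_needs BINARY: print BINARY plus every absolute path ldd resolves
# for it (shared libraries and the dynamic loader), one per line.
jail_needs() {
    printf '%s\n' "$1"
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++)
                   if ($i ~ /^\//) { if (!seen[$i]++) print $i; break } }'
}

# jail_missing JAIL BINARY: print the needed paths that do not exist
# under JAIL. Returns 0 when nothing is missing, 1 otherwise.
jail_missing() {
    jail=$1 status=0
    for path in $(jail_needs "$2"); do
        if [ ! -e "$jail$path" ]; then
            printf '%s\n' "$path"
            status=1
        fi
    done
    return $status
}

# jail_install JAIL BINARY: copy each missing path to the same location
# under JAIL, following symlinks so the jail holds real files.
jail_install() {
    for path in $(jail_missing "$1" "$2"); do
        mkdir -p "$1$(dirname "$path")" && cp -L "$path" "$1$path" || return 1
    done
}
```

ldd reports only link-time dependencies. Files a program opens at run time, such as the /etc/passwd and /etc/group that ls -l reads to print owner names, have to be added to the tree separately.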