chrooting/jailing transfer-only accounts

Dan Astoorian djast at
Tue May 28 04:20:42 EST 2002

On Mon, 27 May 2002 10:34:33 EDT, I wrote:
> Note: the above is completely untested!  [...] fact, it wasn't even _proofread_.  :-(

Now that I've had my morning coffee, this is a little closer to what I
had in mind.  It's still not well-tested, but it's not quite as
spectacularly wrong.

#define JAIL "/path/to/jail"
#define SHELL "/bin/sh"
int main(int argc, char **argv) {
    if (chroot(JAIL) != 0) {
    } else if (chdir("/") != 0) {
    } else if (setuid(getuid()) != 0) {
    } else {
        execv(SHELL, argv);

My apologies for not paying attention.  <blush>

Dan Astoorian               People shouldn't think that it's better to have
Sysadmin, CSLab             loved and lost than never loved at all.  It's
djast at        not, it's better to have loved and won.  All  the other options really suck.    --Dan Redican

More information about the openssh-unix-dev mailing list