SSH question and problem

Badgott
Posts: 40
Joined: 14.02.2005 12:25:41

Post by Badgott » 19.04.2005 13:15:13

Hello,
I would like to create a user in Debian who can also log in via the shell. The user should be locked into a specific directory and should be allowed to run only one program and nothing else. Can something like that be done? And if so, how?
PS: The user should also only be able to open a connection to the outside with that program.

Regards, Daniel

tcs
Posts: 153
Joined: 20.10.2003 14:18:16

Post by tcs » 19.04.2005 13:20:18

Hi,

Yes, that can be done. Search here and on Google for chroot.
And please read this carefully.

Cheers

tcs

Badgott
Posts: 40
Joined: 14.02.2005 12:25:41

Post by Badgott » 19.04.2005 16:45:06

Hello,
I have already done that. I had hoped that perhaps someone knows the subject somewhat more thoroughly than the howtos do and maybe has a link or material that covers this topic specifically.

Regards, Daniel

PS: Thanks anyway.

tcs
Posts: 153
Joined: 20.10.2003 14:18:16

Post by tcs » 20.04.2005 12:11:20

Code:

#!/usr/bin/perl
use strict;
use warnings;

my $chroot_dir="/chroot";
my $chroot_dir_escaped="\\/chroot";

print "Please enter the name of user you want to create:\n";
my $username=<STDIN>;
chomp($username);

print "Checking if username ($username) exists in /etc/group...\n";
my $foundgroup=system("grep -i $username /etc/group");
if ($foundgroup==0) {
    print "Found one or more entries for $username, please choose another name!\n";
    exit 0;
}

print "Checking if username ($username) exists in /etc/passwd...\n";
$foundgroup=system("grep -i $username /etc/passwd");
if ($foundgroup==0) {
    print "Found one or more entries for $username, please choose another name!\n";
    exit 0;
}

print "I don't have a user called $username yet, we can do the work :-)\n";


# was "$chrootdir" (an undeclared variable), which printed an empty path
print "Creating directory $chroot_dir/$username";
system("mkdir $chroot_dir/$username");
print ".";
print "done\n";
print "Creating directory structure for $username";
system("mkdir $chroot_dir/$username/bin");
print ".";
system("mkdir $chroot_dir/$username/etc");
print ".";
system("mkdir $chroot_dir/$username/home");
print ".";
system("mkdir $chroot_dir/$username/home/$username");
print ".";
system("mkdir $chroot_dir/$username/lib");
print ".";
system("mkdir $chroot_dir/$username/lib/tls");
print ".";
system("mkdir $chroot_dir/$username/dev");
print ".";
system("mkdir $chroot_dir/$username/usr");
print ".";
system("mkdir $chroot_dir/$username/usr/bin");
print ".";
system("mkdir $chroot_dir/$username/var");
print ".";
system("mkdir $chroot_dir/$username/usr/lib");
print ".";
system("mkdir $chroot_dir/$username/var/tmp");
print ".";
system("mkdir $chroot_dir/$username/usr/lib/i386");
print ".";
system("mkdir $chroot_dir/$username/usr/lib/i386/cmov");
print ".";
# a fresh world-writable tmp with the sticky bit; the original copied the host's
# whole /tmp, contents included, into the jail
system("mkdir -m 1777 $chroot_dir/$username/tmp");
print "done\n";

print "Creating new user $username";
system("groupadd $username");
print ".";
system("useradd -g $username -d $chroot_dir/$username/home/$username -m -s /usr/local/sbin/chrlogin $username");
print ".";
system("chown $username:$username $chroot_dir/$username/home/$username");
print ".";
system("chown $username:$username $chroot_dir/$username/tmp");
print ".";
system("chown $username:$username $chroot_dir/$username/var/tmp");
print "done\n";

print "Copying libraries to the just created environment";

system("cp /lib/ld-linux.so.2 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libacl.so.1 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libattr.so.1 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libcom_err.so.2 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libext2fs.so.2 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libncurses.so.5 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libnsl.so.1 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libnss_compat.so.2 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/libutil.so.1 $chroot_dir/$username/lib/");
print ".";
system("cp /lib/tls/libc.so.6 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /lib/tls/libcrypt.so.1 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /lib/tls/libdl.so.2 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /lib/tls/libnsl.so.1 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /lib/tls/libpthread.so.0 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /lib/tls/libresolv.so.2 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /lib/tls/librt.so.1 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /lib/tls/libutil.so.1 $chroot_dir/$username/lib/tls/");
print ".";
system("cp /usr/lib/libcrypto.so.0.9.6 $chroot_dir/$username/usr/lib/");
print ".";
system("cp /usr/lib/libglib-2.0.so.0 $chroot_dir/$username/usr/lib/");
print ".";
system("cp /usr/lib/libgmodule-2.0.so.0 $chroot_dir/$username/lib/");
print ".";
system("cp /usr/lib/libgpm.so.1 $chroot_dir/$username/usr/lib/");
print ".";
system("cp /usr/lib/libz.so.1 $chroot_dir/$username/usr/lib/");
print ".";
system("cp /usr/lib/i686/cmov/libcrypto.so.0.9.7 $chroot_dir/$username/usr/lib/i386/cmov/");
print "done\n";

print "Copying binaries to the just created environment";

system("cp /bin/bash $chroot_dir/$username/bin/");
print ".";
system("cp /bin/cat $chroot_dir/$username/bin/");
print ".";
system("cp /bin/chmod $chroot_dir/$username/bin/");
print ".";
system("cp /bin/chown $chroot_dir/$username/bin/");
print ".";
system("cp /bin/cp $chroot_dir/$username/bin/");
print ".";
system("cp /bin/ln $chroot_dir/$username/bin/");
print ".";
system("cp /bin/ls $chroot_dir/$username/bin/");
print ".";
system("cp /bin/mkdir $chroot_dir/$username/bin/");
print ".";
system("cp /bin/more $chroot_dir/$username/bin/");
print ".";
system("cp /bin/mv $chroot_dir/$username/bin/");
print ".";
system("cp /bin/rm $chroot_dir/$username/bin/");
print ".";
system("cp /bin/rmdir $chroot_dir/$username/bin/");
print ".";
system("cp /bin/sh $chroot_dir/$username/bin/");
print ".";
system("cp /bin/touch $chroot_dir/$username/bin/");
print ".";
system("cp /usr/bin/dircolors $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/groups $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/id $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/less $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/mc $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/mcedit $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/scp $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/vi $chroot_dir/$username/usr/bin/");
print ".";
system("cp /usr/bin/vim $chroot_dir/$username/usr/bin/");
print "done\n";

print "Setting up new environment";

system("cp /etc/localtime $chroot_dir/$username/etc/");
print ".";
system("cp /etc/nsswitch.conf $chroot_dir/$username/etc/");
print ".";
system("cp -R /etc/terminfo $chroot_dir/$username/etc/");
print ".";
# /dev/zero is character device major 1, minor 5 (the original used 13 12, which is not /dev/zero)
system("mknod $chroot_dir/$username/dev/zero c 1 5");
print ".";
system("mknod $chroot_dir/$username/dev/null c 1 3");
system("chmod 0666 $chroot_dir/$username/dev/null");
print "done\n";

print "Creating passwordfile in new environment...";
system("cat /etc/passwd | grep '$username' >> $chroot_dir/$username/etc/passwd");
system("cat /etc/group | grep '$username' >> $chroot_dir/$username/etc/group");
print "done\n";

print "Setting up password for $username:\n";
`passwd $username`;

print "Fixing homedir and loginshell in chroot environment...";
sleep(1);
# the original redirected "> .../etc/passwd" while cat was still reading that same file,
# so the shell truncated it before anything was read; write to a new file and rename instead
system("cat $chroot_dir/$username/etc/passwd | perl -W -p -e 's/$chroot_dir_escaped\\/$username//g' | perl -W -p -e 's/\\/usr\\/local\\/sbin\\/chrlogin/\\/bin\\/bash/g' > $chroot_dir/$username/etc/passwd.new");
rename("$chroot_dir/$username/etc/passwd.new", "$chroot_dir/$username/etc/passwd");
print "done\n";

print "Work done, user $username is ready for use :-)\n";

There is surely too much in it. But it may be helpful as a starting point.

Cheers

tcs
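An added example, written for this edit and not part of tcs's script or of the thread: a small Python audit that checks a finished chroot tree for the properties the script above has to get right. It verifies that the jail root belongs to root and is not writable by the jailed user, that no copied binary carries a setuid/setgid bit, that no symlink resolves to a path outside the jail (resolved the way the kernel does it inside the chroot: absolute targets relative to the jail root), and that every home directory and login shell listed in the jail's own etc/passwd actually exists inside the jail, which is what the script's last rewrite step is for. The layout (bin/, etc/passwd, home/<user>) mirrors what the script builds; the sample tree is constructed in a temporary directory and is not a real jail. Against a real /chroot/<user>, run it as root with the default expected_owner_uid=0.

```python
"""Audit a chroot tree for the mistakes that make a jail leaky or unusable.

Added example, not code from the thread. Assumes a layout like the one the
Perl script in the thread builds (<root>/bin, <root>/etc/passwd, <root>/home/<user>).
"""
import os
import stat
import tempfile


def _link_stays_inside(root, link):
    """Check one symlink the way the kernel resolves it *inside* the jail:
    an absolute target is relative to the chroot root, a relative target to
    the link's own directory. Only one level is checked (no link chains)."""
    target = os.readlink(link)
    if os.path.isabs(target):
        candidate = os.path.join(root, target.lstrip("/"))
    else:
        candidate = os.path.join(os.path.dirname(link), target)
    candidate = os.path.normpath(candidate)
    real_root = os.path.normpath(root)
    return candidate == real_root or candidate.startswith(real_root + os.sep)


def audit_chroot(root, expected_owner_uid=0):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not os.path.isdir(root):
        return [f"{root}: not a directory"]

    # The jail root must belong to root and must not be writable by the jailed
    # user, otherwise the user can rearrange the tree the jail runs in.
    st = os.stat(root)
    if st.st_uid != expected_owner_uid:
        findings.append(f"{root}: owned by uid {st.st_uid}, expected {expected_owner_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{root}: chroot root is group- or world-writable")

    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                if not _link_stays_inside(root, path):
                    findings.append(f"{path}: symlink points outside the chroot")
                continue
            mode = os.lstat(path).st_mode
            # cp keeps the mode bits of copied binaries; privileged tools
            # inside a jail are exactly what a jail must not contain
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(f"{path}: setuid/setgid bit set inside the chroot")

    # Home directory and login shell in the jail's passwd must exist *inside*
    # the jail; the host-side paths are meaningless once chrooted.
    passwd = os.path.join(root, "etc", "passwd")
    if not os.path.isfile(passwd):
        return findings + [f"{passwd}: missing"]
    with open(passwd) as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.rstrip("\n").split(":")
            if len(fields) != 7:
                findings.append(f"{passwd}:{lineno}: malformed entry")
                continue
            user, home, shell = fields[0], fields[5], fields[6]
            for label, p in (("home", home), ("shell", shell)):
                inside = os.path.join(root, p.lstrip("/"))
                if not p.startswith("/") or not os.path.exists(inside):
                    findings.append(f"{passwd}:{lineno}: {label} {p} of {user} does not exist inside the chroot")
    return findings


def build_demo_chroot():
    """Constructed sample tree (not a real jail): one correct user entry, one
    entry still pointing at the host-only login shell, and an escaping symlink."""
    root = tempfile.mkdtemp(prefix="chroot-demo-")
    for d in ("bin", "etc", "home/alice"):
        os.makedirs(os.path.join(root, d))
    open(os.path.join(root, "bin", "bash"), "w").close()
    with open(os.path.join(root, "etc", "passwd"), "w") as fh:
        fh.write("alice:x:1001:1001::/home/alice:/bin/bash\n")
        fh.write("bob:x:1002:1002::/home/bob:/usr/local/sbin/chrlogin\n")
    # relative link climbing far above the jail: resolves to the host's /etc
    os.symlink("../" * 16 + "etc", os.path.join(root, "lib"))
    return root


def demo_findings():
    """Audit the constructed tree; its owner is the current user, not root."""
    return audit_chroot(build_demo_chroot(), expected_owner_uid=os.getuid())


if __name__ == "__main__":
    for finding in demo_findings():
        print(finding)
```

The sample tree yields three findings: the symlink that climbs out of the jail, and bob's home directory and chrlogin shell that exist only on the host. The symlink check deliberately treats an absolute target such as /usr/lib as fine, because inside the jail it resolves to <root>/usr/lib; only relative targets that climb past the jail root are flagged.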
