/usr/share/doc/libpam-chroot/examples/README.example is in libpam-chroot 0.9-4.3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
This is a sample configuration for the pam_chroot module.
In order to make this work you need to:

1.- use setup-chrootdir.sh to create a directory in which
    the user will be chrooted (let's call it CHROOTDIR).
    A sample layout like the one it creates is provided in the
    chrooted-directory-tree.txt file.

    WARNING! Make sure to have an open console in which to
    become superuser in case you mangle the files and cannot
    log on to the system later on!

2.- configure /etc/security/chroot.conf so that a given user
    (USERCHROOTED) is chrooted to CHROOTDIR when entering (in the
    sample configuration file CHROOTDIR=/chroot/directory)

3.- add the following line to /etc/pam.d/login

        session required pam_chroot.so debug

4.- create USERCHROOTED in the system (/etc/passwd et al.) and
    have his home directory be /home/test
    (real directory=CHROOTDIR/home/test)

5.- add the necessary .profile, .cshrc, .bash_profile files to
    the CHROOTDIR/home/test directory (fix permissions to your own
    needs/policy)

6.- Try to enter the system as USERCHROOTED. You should be
    restricted to CHROOTDIR and have only a limited number of
    utilities (setup-chrootdir only provides 'ls')

If it does not work check the syslog files to see the messages
related to PAM (should include pam_chroot[XXXX]: session messages
due to the 'debug' option being set)
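
A pre-flight check for steps 2 to 5, added here as an example; it is not
part of the libpam-chroot package. It assumes chroot.conf lines have the
form "<user> <directory>" and compares the user field literally; the function
names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not shipped with libpam-chroot.
# Assumption: chroot.conf lines are "<user> <directory>"; the user field is
# compared literally here, and comment lines never match because $1 is "#...".

# Print the chroot directory configured for user $2 in chroot.conf file $1.
chroot_dir_for() {
    awk -v u="$2" '$1 == u { print $2; found = 1; exit }
                   END { exit !found }' "$1"
}

# Succeed if PAM service file $1 has an uncommented session line for pam_chroot.so.
pam_chroot_enabled() {
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_chroot\.so' "$1"
}

# Check steps 2-5 for one user. Args: chroot.conf, PAM file, user, home dir.
# Prints one line per problem and returns non-zero if any was found.
check_setup() {
    conf=$1; pam=$2; user=$3; home=$4; rc=0
    dir=$(chroot_dir_for "$conf" "$user") ||
        { echo "no chroot.conf entry for $user"; rc=1; }
    pam_chroot_enabled "$pam" ||
        { echo "pam_chroot.so session line missing in $pam"; rc=1; }
    if [ -n "$dir" ] && [ ! -d "$dir$home" ]; then
        echo "home directory missing inside chroot: $dir$home"; rc=1
    fi
    return $rc
}

# Constructed sample files so the check runs offline; on a real system pass
# /etc/security/chroot.conf and /etc/pam.d/login instead.
demo=$(mktemp -d)
mkdir -p "$demo/chroot/directory/home/test"
printf '# user directory\nUSERCHROOTED %s\n' "$demo/chroot/directory" > "$demo/chroot.conf"
printf 'session required pam_chroot.so debug\n' > "$demo/login"
check_setup "$demo/chroot.conf" "$demo/login" USERCHROOTED /home/test &&
    echo "chroot.conf, PAM line and home directory are consistent"
```

Running it before step 6 catches a missing entry while the superuser
console from the WARNING in step 1 is still open.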