
Who? What? Why?

Home gateway for Søren Thing.
Named turquoise because of its color. And yes, I know: The word "turquoise" is a pain to spell - at least for a Dane.

create_chroot_home

create_chroot_home is a shell script I wrote to make it easier (and less error-prone) for me to set up a chroot login on my OpenBSD machine.
I have included enough in the chroot that the user can run the vi editor and use scp, sftp or rsync over ssh to transfer files into and out of the chroot. While working inside the chroot shell, the following commands are available: bash cat chmod cp date du echo grep groups head hostname id less ln ls md5 mkdir more mv ps pwd rm rmdir rsync scp sh tail tar vi wc.

Prerequisites: OpenBSD (tested on 3.1), bash and chrsh.

To do the actual chroot I use Aaron Gifford's chrsh, which Ben Goren has made a port of. Please see his comments here. Unfortunately Mr. Goren's port didn't exactly fit my purpose, so I have made a small patch against it that changes three things:

  1. chrsh now expects the chrooted home directory to be mode 0755 instead of 0750 (so Apache can get files from a user directory).
  2. chrsh expects to be run from /usr/local/bin instead of /bin.
  3. The chrsh binary is now installed suid root.

To use my script, download the following three files and place them in /root/bin (or change the script to reflect your choice). Then review the configuration variables (paths) at the top of the script. Install chrsh and run /root/bin/create_chroot_home. Voila!

To make sure the binaries in the chroots are updated after "cvs up" and a recompilation, I use update_chroot_homes (a script).
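
A way to check whether a chroot has fallen behind the system after a rebuild, and whether its home directory still has the mode the patched chrsh expects. This is an added example, not my create_chroot_home or update_chroot_homes scripts. It assumes the chroot mirrors system paths (so that `$chroot/bin/ls` is a copy of `/bin/ls`); the function names and the directory list are hypothetical.

```shell
#!/bin/sh
# Added example: audit one chroot home for stale binaries and a wrong mode.
# Assumption: files in the chroot sit at the same path as on the system.

# Print each file in the chroot that differs from its system counterpart.
# $1 = chroot home, $2 = system root (empty means /, set it for testing).
stale_chroot_binaries() {
    chroot_dir=${1%/}
    sysroot=${2:-}
    for dir in bin sbin usr/bin usr/lib usr/libexec usr/local/bin; do
        [ -d "$chroot_dir/$dir" ] || continue
        for f in "$chroot_dir/$dir"/*; do
            [ -f "$f" ] || continue
            name=${f#"$chroot_dir"}
            sys="$sysroot$name"
            # Files that exist only in the chroot are not comparable; skip.
            [ -f "$sys" ] || continue
            cmp -s "$f" "$sys" || printf '%s\n' "$name"
        done
    done
}

# Succeed only if the directory is exactly mode 0755 (drwxr-xr-x),
# which is what chrsh expects after the patch described above.
home_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwxr-xr-x" ]
}

# Usage: sh audit_chroot.sh /home/someuser
if [ $# -ge 1 ]; then
    home_mode_ok "$1" || echo "WARNING: $1 is not mode 0755"
    stale_chroot_binaries "$1" | sed 's/^/STALE: /'
fi
```

Any path it reports is a copy in the chroot that no longer matches the rebuilt system binary or library and should be refreshed.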

Comments?



[Powered by OpenBSD] This is http://turquoise.thing.dk/.
Thanks go to the skilled, determined, helpful and (circumstances considered) friendly OpenBSD crew and mailing lists.