1eac956b2SDag-Erling Smørgrav.\" Copyright (c) 2003 Networks Associates Technology, Inc. 2eac956b2SDag-Erling Smørgrav.\" All rights reserved. 3eac956b2SDag-Erling Smørgrav.\" 4eac956b2SDag-Erling Smørgrav.\" Portions of this software were developed for the FreeBSD Project by 5eac956b2SDag-Erling Smørgrav.\" ThinkSec AS and NAI Labs, the Security Research Division of Network 6eac956b2SDag-Erling Smørgrav.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 7eac956b2SDag-Erling Smørgrav.\" ("CBOSS"), as part of the DARPA CHATS research program. 8eac956b2SDag-Erling Smørgrav.\" 9eac956b2SDag-Erling Smørgrav.\" Redistribution and use in source and binary forms, with or without 10eac956b2SDag-Erling Smørgrav.\" modification, are permitted provided that the following conditions 11eac956b2SDag-Erling Smørgrav.\" are met: 12eac956b2SDag-Erling Smørgrav.\" 1. Redistributions of source code must retain the above copyright 13eac956b2SDag-Erling Smørgrav.\" notice, this list of conditions and the following disclaimer. 14eac956b2SDag-Erling Smørgrav.\" 2. Redistributions in binary form must reproduce the above copyright 15eac956b2SDag-Erling Smørgrav.\" notice, this list of conditions and the following disclaimer in the 16eac956b2SDag-Erling Smørgrav.\" documentation and/or other materials provided with the distribution. 17eac956b2SDag-Erling Smørgrav.\" 3. The name of the author may not be used to endorse or promote 18eac956b2SDag-Erling Smørgrav.\" products derived from this software without specific prior written 19eac956b2SDag-Erling Smørgrav.\" permission. 20eac956b2SDag-Erling Smørgrav.\" 21eac956b2SDag-Erling Smørgrav.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22eac956b2SDag-Erling Smørgrav.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23eac956b2SDag-Erling Smørgrav.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24eac956b2SDag-Erling Smørgrav.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25eac956b2SDag-Erling Smørgrav.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26eac956b2SDag-Erling Smørgrav.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27eac956b2SDag-Erling Smørgrav.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28eac956b2SDag-Erling Smørgrav.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29eac956b2SDag-Erling Smørgrav.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30eac956b2SDag-Erling Smørgrav.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31eac956b2SDag-Erling Smørgrav.\" SUCH DAMAGE. 32eac956b2SDag-Erling Smørgrav.\" 33eac956b2SDag-Erling Smørgrav.\" $FreeBSD$ 34eac956b2SDag-Erling Smørgrav.\" 35eac956b2SDag-Erling Smørgrav.Dd February 10, 2003 36eac956b2SDag-Erling Smørgrav.Dt PAM_CHROOT 8 37eac956b2SDag-Erling Smørgrav.Os 38eac956b2SDag-Erling Smørgrav.Sh NAME 39eac956b2SDag-Erling Smørgrav.Nm pam_chroot 40eac956b2SDag-Erling Smørgrav.Nd Chroot PAM module 41eac956b2SDag-Erling Smørgrav.Sh SYNOPSIS 42eac956b2SDag-Erling Smørgrav.Op Ar service-name 43eac956b2SDag-Erling Smørgrav.Ar module-type 44eac956b2SDag-Erling Smørgrav.Ar control-flag 45eac956b2SDag-Erling Smørgrav.Pa pam_chroot 46eac956b2SDag-Erling Smørgrav.Op Ar arguments 47eac956b2SDag-Erling Smørgrav.Sh DESCRIPTION 48eac956b2SDag-Erling SmørgravThe chroot service module for PAM chroots users into either a 49eac956b2SDag-Erling Smørgravpredetermined directory or one derived from their home directory. 50eac956b2SDag-Erling SmørgravIf a user's home directory as specified in the 51eac956b2SDag-Erling Smørgrav.Dv passwd 52eac956b2SDag-Erling Smørgravstructure returned by 53eac956b2SDag-Erling Smørgrav.Xr getpwnam 3 54eac956b2SDag-Erling Smørgravcontains the string 55eac956b2SDag-Erling Smørgrav.Dq /./ , 56eac956b2SDag-Erling Smørgravthe portion of the directory name to the left of that string is used 57eac956b2SDag-Erling Smørgravas the chroot directory. 58eac956b2SDag-Erling SmørgravOtherwise, the directory specified by the 59eac956b2SDag-Erling Smørgrav.Cm dir 60eac956b2SDag-Erling Smørgravoption (see below) is used. 61eac956b2SDag-Erling Smørgrav.Bl -tag -width ".Cm also_root" 62eac956b2SDag-Erling Smørgrav.It Cm also_root 63eac956b2SDag-Erling SmørgravDo not hold user id 0 exempt from the chroot requirement. 64eac956b2SDag-Erling Smørgrav.It Cm always 65eac956b2SDag-Erling SmørgravReport a failure if a chroot directory could not be derived from the 66eac956b2SDag-Erling Smørgravuser's home directory, and the 67eac956b2SDag-Erling Smørgrav.Cm dir 68eac956b2SDag-Erling Smørgravoption was not specified. 69eac956b2SDag-Erling Smørgrav.It Cm dir Ns = Ns Ar directory 70eac956b2SDag-Erling SmørgravSpecify the chroot directory to use if one could not be derived from 71eac956b2SDag-Erling Smørgravthe user's home directory. 72eac956b2SDag-Erling Smørgrav.El 73eac956b2SDag-Erling Smørgrav.Sh SEE ALSO 74eac956b2SDag-Erling Smørgrav.Xr pam.conf 5 , 75eac956b2SDag-Erling Smørgrav.Xr pam 8 76eac956b2SDag-Erling Smørgrav.Sh AUTHORS 77eac956b2SDag-Erling SmørgravThe 78eac956b2SDag-Erling Smørgrav.Nm 79eac956b2SDag-Erling Smørgravmodule and this manual page were developed for the 80eac956b2SDag-Erling Smørgrav.Fx 81eac956b2SDag-Erling SmørgravProject by 82eac956b2SDag-Erling SmørgravThinkSec AS and NAI Labs, the Security Research Division of Network 83eac956b2SDag-Erling SmørgravAssociates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 84eac956b2SDag-Erling Smørgrav.Pq Dq CBOSS , 85eac956b2SDag-Erling Smørgravas part of the DARPA CHATS research program. 86