1、创建一个普通账号:
[[email protected] ~]# useradd user1 [[email protected] ~]# passwd user1 Changing password for user user1. New password: BAD PASSWORD: it is too simplistic/systematic BAD PASSWORD: is too simple Retype new password: passwd: all authentication tokens updated successfully #一定要给账号设置密码
2、创建活动目录:
[[email protected] ~]# mkdir /vm/user1 -p
3、进入目录,创建需要的目录:
[[email protected] ~]# cd /vm/user1/ [[email protected] user1]# mkdir bin dev etc lib64 proc dev/pts -p [[email protected] user1]# ll total 20 drwxr-xr-x 2 root root 4096 Nov 23 01:33 bin drwxr-xr-x 3 root root 4096 Nov 23 01:33 dev drwxr-xr-x 2 root root 4096 Nov 23 01:33 etc drwxr-xr-x 2 root root 4096 Nov 23 01:33 lib64 drwxr-xr-x 2 root root 4096 Nov 23 01:33 proc
4、拷贝需要的文件和库文件
#拷贝lib库文件: [[email protected] user1]# pwd /vm/user1 [[email protected] user1]# cp -a /lib64/* lib64/ #注:若是32位,则拷贝/lib/*
#拷贝密码文件: [[email protected] user1]# pwd /vm/user1 [[email protected] user1]# grep "user1:" /etc/passwd > etc/passwd [[email protected] user1]# cat etc/passwd user1:x:504:504::/home/user1:/bin/bash #只需要此用户这一行即可
#拷贝dev和proc: [[email protected] user1]# CHROOT_DIR=/vm/user1/ [[email protected] user1]# mount proc $CHROOT_DIR/proc -t proc [[email protected] user1]# mount devpts $CHROOT_DIR/dev/pts -t devpts [[email protected] user1]# mknod $CHROOT_DIR/dev/ptmx c 5 2 [[email protected] user1]# chmod 666 /dev/ptmx #注意: mount proc $CHROOT_DIR/proc -t proc #必须创建这个proc文件系统,用户登录后可以看到这个目录中有很多文件/子目录 mount devpts $CHROOT_DIR/dev/pts -t devpts #devpts文件系统,提供访问终端的接口 mknod $CHROOT_DIR/dev/ptmx c 5 2 #必须有,用户登录后要使用它,作为作为伪终端的master设备
#拷贝脚本文件: [[email protected] user1]# cp -a /bin/bash bin/ #必须要拷的 [[email protected] user1]# cp -a /bin/ls bin/ [[email protected] user1]# cp -a /bin/cat bin/ #根据自己的需求拷贝相应的脚本文件
#修改权限: [[email protected] user1]# chown -R user1. /vm/user1/*
5、修改/etc/pam.d/sshd
[[email protected] user1]# vim /etc/pam.d/sshd 添加: session required pam_chroot.so
6、修改/etc/security/chroot.conf
[[email protected] user1]# vim /etc/security/chroot.conf 添加: user1 /vm/user1
7、重启sshd
[[email protected] user1]# /etc/init.d/sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ]
8、测试:
[[email protected] ~]# ssh [email protected] [email protected]‘s password: Could not chdir to home directory /home/user1: No such file or directory -bash-4.1$ ls bin dev etc lib64 proc -bash-4.1$ ps -bash: ps: command not found -bash-4.1$ pwd / -bash-4.1$ cd / -bash-4.1$ ls bin dev etc lib64 proc -bash-4.1$
9、注意:
以上方法只能使用原系统中/bin/目录下的命令
对于/usr/bin/目录下的命令目前还有问题,无法使用
如:ssh命令,ssh命令需要用到/usr/lib64/目录下的相应的库文件
#使用以下脚本可以实现将命令依赖的/usr/lib64/下的库文件拷贝到活动目录的lib64/目录下 [[email protected] lib64]# vim abc.sh #!/bin/bash cmd="ssh" cd /vm/user1/lib64 for i in $cmd do ldd `which $i` |grep "/usr/lib64/"|sed ‘s/(.*//g‘|awk ‘{print $NF}‘|while read j do \cp -a $j ./ if [ `file $j | grep -c symbolic` -eq 1 ];then sourceFile=`ls -l $j |awk ‘{print $NF}‘` \cp -a `dirname $j`/$sourceFile ./ fi done done
#建议使用此方法:将/usr/lib64/全部拷贝过去 [[email protected] user1]# pwd /vm/user1 [[email protected] user1]# mkdir usr [[email protected] user1]# cp -a /usr/lib64/ usr/
即便将ssh依赖的/usr/lib64/目录下的库文件全部拷贝过去,ssh命令的使用还是有很多问题,尚待研究
时间: 2024-12-06 23:03:01