After logging in, the user lands in a restricted file system (a chroot jail).

Background: the restricted user is demo and the chroot root is /user/demo.

Copy the commands into the restricted directory

  mkdir -p /user/demo/bin /user/demo/lib64
  # the dynamic loader is listed without "=>" by ldd, so copy it explicitly
  /bin/cp /lib64/ld-linux-x86-64.so.2 /user/demo/lib64/
  cmds="mount clear top ls bash touch more less awk sed vim mkdir"
  for cmd in $cmds
  do
    a=$(which "$cmd")
    /bin/cp "$a" /user/demo/bin/
    # ldd prints "libX.so => /path/libX.so (addr)"; field 3 is the resolved path
    ldd "$a" | awk '{print $3}' | while read -r line
    do
      if [[ $line == /lib64* || $line == /usr/* ]]
      then
        path=$(dirname "$line")
        if [ ! -d /user/demo"$path" ]
        then
          mkdir -p /user/demo"$path"
        fi
        /bin/cp "$line" /user/demo"$line"
      fi
    done
  done

Copy the profile files

  mkdir -p /user/demo/etc
  /bin/cp /etc/profile /user/demo/etc/profile
  /bin/cp /etc/bashrc /user/demo/etc/bashrc

Create the commonly used device nodes under dev

  mkdir -p /user/demo/dev
  /bin/mknod -m 0666 /user/demo/dev/null c 1 3
  /bin/mknod -m 0666 /user/demo/dev/random c 1 8
  /bin/mknod -m 0666 /user/demo/dev/urandom c 1 9

Make the proc and shm directories available

  mkdir -p /user/demo/dev/shm
  mkdir -p /user/demo/proc
  mount --bind /dev/shm /user/demo/dev/shm
  mount --bind /proc /user/demo/proc

Copy the terminfo (terminal description) database

  mkdir -p /user/demo/usr/share
  /bin/cp -r /usr/share/terminfo /user/demo/usr/share/terminfo

Generate a dedicated bash_profile

  mkdir -p /user/demo/home/demo
  # single quotes: $PATH must be expanded at login inside the chroot, not now
  echo 'export PATH=$PATH:/bin' > /user/demo/home/demo/.bash_profile
  echo "export TERMINFO=/usr/share/terminfo" >> /user/demo/home/demo/.bash_profile
  chown demo:demo /user/demo/home/demo/.bash_profile
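As an added example (not part of the original post), a small POSIX sh checker for the library-copying step above: it turns ldd(1) output into absolute library paths, including the bare ld-linux line that the `awk '{print $3}'` filter skips, and reports every path that is missing under the jail root. The jail root argument and the ldd output used in the test are assumed and constructed.

```shell
#!/bin/sh
# Added example: check that a chroot jail built as described above holds every
# shared library a copied binary needs. Not code from the original post.

# Read ldd(1) output on stdin and print the absolute library paths it names.
# Handles "libc.so.6 => /lib64/libc.so.6 (0x...)" and the bare loader line
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; vdso lines carry no path and are
# dropped, and "=> not found" entries are dropped as well.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//                 { print $1 }'
}

# Print every library path read from stdin that does not exist under the
# jail root $1 (e.g. /user/demo). Returns 0 if nothing is missing, 1 otherwise.
missing_in_jail() {
    jail=$1
    rc=0
    while read -r lib; do
        if [ ! -e "$jail$lib" ]; then
            echo "$lib"
            rc=1
        fi
    done
    return $rc
}

# On a live host: run ldd on the host copy of a binary and compare the result
# against the jail. Usage: check_binary /user/demo /bin/bash
check_binary() {
    ldd "$2" | ldd_paths | missing_in_jail "$1"
}
```

Run `check_binary /user/demo "$(which bash)"` for each command in the list; an empty result and exit status 0 means the jail has every library that binary needs.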