NAME
pam_chroot —
Chroot PAM module
SYNOPSIS
[
service-name]
module-type control-flag
pam_chroot
[
arguments]
DESCRIPTION
The chroot service module for PAM chroots users into either a predetermined
directory or one derived from their home directory. If a user's home directory
as specified in the
passwd structure returned by
getpwnam(3) contains the
string “
/./
”, the portion of the directory
name to the left of that string is used as the chroot directory, and the
portion to the right will be the current working directory inside the chroot
tree. Otherwise, the directories specified by the
dir and
cwd options (see below) are used.
-
-
- also_root
- Do not hold user ID 0 exempt from the chroot
requirement.
-
-
- always
- Report a failure if a chroot directory could not be derived
from the user's home directory, and the dir option was
not specified.
-
-
- cwd=directory
- Specify the directory to
chdir(2) into after a
successful chroot(2)
call.
-
-
- dir=directory
- Specify the chroot directory to use if one could not be
derived from the user's home directory.
SEE ALSO
pam.conf(5),
pam(8)
AUTHORS
The
pam_chroot module and this manual page were developed for
the
FreeBSD Project by ThinkSec AS and NAI Labs, the
Security Research Division of Network Associates, Inc. under DARPA/SPAWAR
contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS
research program.