PAM_CHROOT(8) |
System Manager's Manual |
PAM_CHROOT(8) |
pam_chroot
—
Chroot PAM module
[service-name] module-type
control-flag pam_chroot
[arguments]
The chroot service module for PAM chroots users into either a predetermined
directory or one derived from their home directory. If a user's home directory
as specified in the passwd structure returned by
getpwnam(3) contains the
string “/./
”, the portion of the
directory name to the left of that string is used as the chroot directory, and
the portion to the right will be the current working directory inside the
chroot tree. Otherwise, the directories specified by the
dir
and cwd
options (see
below) are used.
also_root
- Do not hold user ID 0 exempt from the chroot requirement.
always
- Report a failure if a chroot directory could not be derived from the
user's home directory, and the
dir
option was not
specified.
cwd
=directory
- Specify the directory to
chdir(2) into after a
successful chroot(2)
call.
dir
=directory
- Specify the chroot directory to use if one could not be derived from the
user's home directory.
The pam_chroot
module and this manual page were
developed for the FreeBSD Project by ThinkSec AS and
NAI Labs, the Security Research Division of Network Associates, Inc. under
DARPA/SPAWAR contract N66001-01-C-8035 (“CBOSS”), as part of the
DARPA CHATS research program.