Index: Linux-PAM/doc/modules/pam_limits.sgml
===================================================================
--- Linux-PAM/doc/modules/pam_limits.sgml (revision 379)
+++ Linux-PAM/doc/modules/pam_limits.sgml (working copy)
@@ -155,6 +155,7 @@

@@ -197,6 +198,7 @@ @faculty soft nproc 20 @faculty hard nproc 50 ftp hard nproc 0 +ftp - chroot /ftp @student - maxlogins 4 Index: Linux-PAM/modules/pam_limits/pam_limits.c =================================================================== --- Linux-PAM/modules/pam_limits/pam_limits.c (revision 381) +++ Linux-PAM/modules/pam_limits/pam_limits.c (working copy) @@ -73,6 +73,7 @@ int flag_numsyslogins; /* whether to limit logins only for a specific user or to count all logins */ int priority; /* the priority to run user process with */ + char chroot_dir[8092]; /* directory to chroot into */ int supported[RLIM_NLIMITS]; struct user_limits_struct limits[RLIM_NLIMITS]; char conf_file[BUFSIZ]; @@ -84,6 +85,7 @@ #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 #define LIMIT_PRI RLIM_NLIMITS+3 +#define LIMIT_CHROOT RLIM_NLIMITS+4 #define LIMIT_SOFT 1 #define LIMIT_HARD 2 @@ -255,6 +257,8 @@ pl->login_limit = -2; pl->login_limit_def = LIMITS_DEF_NONE; + pl->chroot_dir[0] = '\0'; + return retval; } @@ -322,6 +326,8 @@ pl->flag_numsyslogins = 1; } else if (strcmp(lim_item, "priority") == 0) { limit_item = LIMIT_PRI; + } else if (strcmp(lim_item, "chroot") == 0) { + limit_item = LIMIT_CHROOT; } else { _pam_log(LOG_DEBUG,"unknown limit item '%s'", lim_item); return; @@ -402,7 +408,9 @@ break; } - if ( (limit_item != LIMIT_LOGIN) + if (limit_item == LIMIT_CHROOT) + strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)); + else if ( (limit_item != LIMIT_LOGIN) && (limit_item != LIMIT_NUMSYSLOGINS) && (limit_item != LIMIT_PRI) ) { if (limit_type & LIMIT_SOFT) { @@ -602,6 +610,13 @@ retval |= LOGIN_ERR; } + if (!retval && pl->chroot_dir[0]) { + i = chdir(pl->chroot_dir); + if (i == 0) + i = chroot(pl->chroot_dir); + if (i != 0) + retval = LIMIT_ERR; + } return retval; }
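Review bot: In the struct hunk at -73 the new field is declared as `chroot_dir[8092]`, a size that corresponds to no system limit and reads like a typo for 8192. A path longer than PATH_MAX cannot be handed to chroot() in any case, so sizing the field from that limit makes the bound meaningful: `char chroot_dir[PATH_MAX]; /* absolute directory to chroot into; "" means none */`. This assumes <limits.h> is already included, which cannot be confirmed because the include block is outside the diff. The struct definition begins and ends outside the hunk.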
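Review bot: The `strncpy` added in the -402 hunk leaves `pl->chroot_dir` without a terminating NUL when the configured value is as long as the buffer or longer, so the later `chdir`/`chroot` calls would read past the field, and a truncated value would name a different directory than the one configured. Copy with an explicit length check instead: `int n = snprintf(pl->chroot_dir, sizeof(pl->chroot_dir), "%s", value_orig);` followed by `if (n < 0 || (size_t)n >= sizeof(pl->chroot_dir)) { _pam_log(LOG_ERR, "chroot path too long"); pl->chroot_dir[0] = '\0'; return; }`. Clearing the field skips the chroot, which fails open for a confinement setting, so the overlong case should probably also fail the session; that needs code outside this hunk. `value_orig` is not declared in any hunk shown and the value-parsing code between the -322 and -402 hunks is not visible, so whether a path such as `/ftp` reaches this line unchanged could not be checked.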
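Review bot: In the -602 hunk the configured path is resolved twice, once by `chdir` and again by `chroot`, so a relative value is looked up from inside the new directory on the second call, and a directory replaced between the two calls could leave the working directory outside the new root. Resolving the path once with `chroot()` followed by `chdir("/")`, rejecting values that are not absolute and logging the failure, closes that gap; the fence shows the rewritten block. The chroot applies to the whole calling process, so files opened afterwards by the application or later modules resolve inside the new root, and a process that keeps root privileges is not confined by chroot alone; a comment stating that expectation would help the next maintainer. The enclosing function begins outside the hunk.

```c
    if (!retval && pl->chroot_dir[0]) {
        /* resolve the path once: enter the new root, then move cwd inside it */
        if (pl->chroot_dir[0] != '/'
            || chroot(pl->chroot_dir) != 0
            || chdir("/") != 0) {
            _pam_log(LOG_ERR, "chroot to '%s' failed", pl->chroot_dir);
            retval = LIMIT_ERR;
        }
    }
    return retval;
```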