<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
				<meta name="viewport" content="width=device-width, initial-scale=1" />
		<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
		<meta name="format-detection" content="telephone=no" />
		<meta name="robots" content="noindex" />
			<title>A/UX 2.0: Restricted Login Problem</title><body class="ac-gn-current-support">
	<input type="hidden"  id="cdsHeaderObj" data-json='{"setPod": "true",
"resourceUrl": "https://support.apple.com",
"akamaiUrl": "https://km.support.apple.com",
"modelValue": "Support",
"aiSearchServiceURL": "support.apple.com",
"podLocaleValue": "en_US",
"omnitureLocale": "us_en",
"aiCrossDomainSearchServiceURL": "support-suggestions.apple.com",
"podValue": "us~en",
"searchCountry": "us",
"enableAppleInstant": "yes",
"pageName": "kb",
"amlSuggestionsUrl": "https://www.apple.com/search-services/suggestions/",
"title": "A/UX 2.0: Restricted Login Problem",
"channelName": "LEGACY"
}'>
	<input type="hidden"  id="httpDownloadURL" value="http://support.apple.com">
<!-- 	
 -->

	
<aside id="ac-gn-segmentbar" class="ac-gn-segmentbar" lang="en-US" dir="ltr" data-strings="{ 'exit': 'Exit', 'view': '{%STOREFRONT%} Store Home', 'segments': { 'smb': 'Business Store Home', 'eduInd': 'Education Store Home', 'other': 'Store Home' } }">
</aside>

<h1 id="main-title">A/UX 2.0: Restricted Login Problem</h1>
<div id="abstract">
 
<div id="intro-container"><div class="truncate"><div class="attr SYMPTOMS"><div class="attr TOPIC"><FONT SIZE=4> <BR>
I want to set up a restricted account through the chroot command. The man pages for login say that you should be able to do this by using a &quot;*/etc/passwd&quot; in the place of a shell to be executed at startup.  I tried to duplicate the problem and documented it below.  If this is a bug that is not fixable in the near future, can you suggest a way to set up a restricted account, so that it has no way of getting to /?  How is this done on the patch server?<BR>
 <BR>
Man page excerpt from login:<BR>
 <BR>
If the last field is *, then a chroot(2) is done to the directory named in the directory field of the entry.  At that point, login is re-executed at the new level, which must have its own root structure, including /etc/login and /etc/passwd.<BR>
 <BR>
User toad's login sequence, it looks like it is trying to execute &quot;*&quot;.<BR>
 <BR>
Apple Computer A/UX (ebc_A/UX)<BR>
 <BR>
login: toad<BR>
*: No such file or directory<BR>
No shell<BR>
 <BR>
Entry for user toad in /etc/passwd<BR>
 <BR>
toad::1009:1002:,,,:/users/toad:*<BR>
 <BR>
Directory structure for users/toad.  The files are all linked rather than exact</FONT><BR>
<FONT SIZE=4>copies.  The shared library file was set up in case there was a problem, given<BR>
the problems I had with anonymous ftp.<BR>
 <BR>
ebc_aux.root # cd /users/toad<BR>
ebc_aux.root # ls<BR>
README<BR>
bin<BR>
etc<BR>
shlib<BR>
ebc_aux.root # cd bin<BR>
ebc_aux.root # ls -la<BR>
total 110<BR>
drwxr-xr-x   2 root     gp1002       512 Aug 27 17:34 .<BR>
drwxr-x---   5 toad     gp1002       512 Aug 27 17:35 ..<BR>
-rwsr-xr-x   2 root     root       53468 Apr 10 06:49 login<BR>
ebc_aux.root # cd ../etc<BR>
./etc: bad directory<BR>
ebc_aux.root # cd ..<BR>
ebc_aux.root # cd etc<BR>
ebc_aux.root # ls -la<BR>
total 8<BR>
drwxr-xr-x   2 root     gp1002       512 Aug 27 17:32 .<BR>
drwxr-x---   5 toad     gp1002       512 Aug 27 17:35 ..<BR>
-rwxr--r--   2 root     sys         1068 Aug 27 18:37 passwd<BR>
ebc_aux.root # cd ..<BR>
ebc_aux.root # cd shlib<BR>
ebc_aux.root # ls -la<BR>
total 164<BR>
drwxr-xr-x   2 root     gp1002       512 Aug 27 17:35 .<BR>
drwxr-x---   5 toad     gp1002       512 Aug 27 17:35 ..<BR>
-rwxr-xr-x   2 root     root       81684 Apr 10 05:48 libc_s<BR>
 <BR>
</FONT></div></div> <!--  attr Symptom  --></div> <!--  truncate --></div> <!--  intro-container --><div class="clear"> </div>
 </div>   <!-- abstract end -->
<div id="articlecontent">
<div id="indicator-container">      
<div class="indicator archived"></div></div> <!-- Indicator-container -->
  <div class="attr SUMMARY">
<TT> <BR>
This is a bug in the A/UX 2.0 login(1) command. &nbsp;You would not be able to reproduce this by logging in to the console under A/UX 2.0. &nbsp;This feature is a part of the System V login(1) command, which is not executed when logging in to the A/UX console. &nbsp;Instead the /mac/bin/Login program is called, and it does not understand the &quot;*&quot; syntax in the /etc/passwd file. &nbsp;Even when logging into the serial ports or the console when /mac/bin/Login is not present, the chroot does not work. &nbsp;This is one reason why the patch server is still running A/UX 1.1.1.<BR>
<BR>
You should use rsh(1) as a replacement for the functionality that has been lost in the A/UX 2.0 login command until a fix is provided. &nbsp;rsh would normally be the way to accomplish restricted login anyway.</TT></div>
</div>


<!-- Start SiteCatalyst code version: H.8. -->


<!-- End SiteCatalyst code version: H.8. -->


<div class="mod-date">Published Date: Feb 18, 2012</div>
  <div id="mimosa-tags">
  
  <input type ="hidden" id="mimosa-tags-heading" value="Related Topics" />
  <input type ="hidden" id="showNavTagFlag" value="true" />
  <input type ="hidden" id="tags-localised" value="Tag" />
        </div>

</div><!--/#content-->
</div><!--/#main-->

<!-- Helpful not helpful section -->
 <div style="display:none">
<div id="meta">
                </div> <!--/#meta-->
</div>          
        <!-- Related Section -->
<div class="border-div"></div>      <!-- Offer Section -->
<div class="border-div"></div>
<div id="promo" style="display:none;"> Still need help?</div>          
         
<div style="clear:both;"></div>

</div>
<input type="hidden"  id="cdsArticleObj" data-json='{"docId": "TA44800",
"cdsLocale": "en_US",
"imgSrc": "",
"akamaiUrl": "https://km.support.apple.com",
"strTitle": "A/UX 2.0: Restricted Login Problem",
"strLocale": "en_US",
"omniturePageName": "acs::kb::dl::ta44800::a/ux 2.0: restricted login problem",
"metaUrl": "",
"baseLink": "https://km.support.apple.com/kb/",
"reportLink": "https://support.apple.com",
"lcl": "en_US",
"localeParam": "en_US",
"viewLocale": "null",
"domainName": "0",
"archive": "true",
"enableAffectedProductPortlet": "false",
"configHeaderFooterLocale": "en_US",
"strCategoryListRefKeys": "",
"lastModifiedDate": "2012-02-18",
"creationDate": "1990-11-01",
"publishedDate": "Sat, 18 Feb 2012 03:05:50 GMT-00:00",
"publishedDateHeader": "Sat, 18 Feb 2012 03:05:50 GMT-00:00",
"oldInquiraID": "",
"articleNo": "TA44800",
"strChannel": "LEGACY",
"isOmnitureSupported": "true",
"referringPage": "unknown",
"messageResourcesArticleTempEmail": "Email Download Link",
"messageResourcesArticleTempDown": "Download",
"ACStaticText": "{\"more\": \"…more\", \"less\": \"less\" }"
}'>

<div class="footer-wrapper">

</div>


</html>