First... you need to create a user
adduser or
pw useradd testuser -d /usr/local/testuser -s /bin/sh
chown root:testuser /home/testuser # root must own the chroot directory
cp /rescue/sh /home/testuser/bin/
In /etc/ssh/sshd_config you must add following lines:
=================================
Match User testuser
PasswordAuthentication yes
ChrootDirectory /home/testuser
# ForceCommand internal-sftp
AllowTcpForwarding no
AllowAgentForwarding no
PermitTunnel no
# PermitTTY no
X11Forwarding no
================================
After that restart sshd daemon: /etc/rc.d/sshd restart
Now... try to login for the first time.
$ ssh testuser@x.x.x.x
Password for testuser@x.x.x.x:
X11 forwarding request failed on channel 0
Last login: Thu Aug 20 15:00:09 2015 from y.y.y.y
Could not chdir to home directory /home/testuser: No such file or directory
Cannot read termcap database;
using dumb terminal settings.
$ ls
ls: not found
$ mc
mc: not found
In this point the test user can run any command.
We must create a folder structure like in main OS. (/bin,/sbin,/usr/bin,/usr/sbin, etc...)
We need to copy all executable and library files from main OS to testuser folders.
To install
Midnight Commander you can try following procedure:
# locate mc | grep bin
/usr/local/bin/mc
cp /usr/local/bin/mc /home/testuser/bin/mc
==============
$ mc
ELF interpreter /libexec/ld-elf.so.1 not found
Abort trap
(In this point i copy ld-elf.so.1 to /home/testuser/libexec/ld-elf.so.1)
$ mc
Shared object "libslang.so.2" not found, required by "mc"
$ mc
Shared object "libncurses.so.8" not found, required by "mc"
$ mc
Shared object "libssh2.so.1" not found, required by "mc"
$ mc
Shared object "libgmodule-2.0.so.0" not found, required by "mc"
...........
After I copy all libraries, run again mc
$ mc
(mc:4253): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: Cannot create /home/testuser/.cache/mc directory
Create manual .cache/mc folder in /testuser directory
We will have following structure:
/home/testuser/home/testuser/.cache/mc
After this operation i download mc txz file from Latest.
-Open txz file and copy manual files in folders.
-copy termcap and termcap.db files
cp /usr/share/misc/termcap.db /home/testuser/usr/share/misc/termcap.db
cp /usr/share/misc/termcap /home/testuser/usr/share/misc/termcap
copy and symlink
cp /etc/termcap /home/testuser/etc/termcap
All done
Nou chrooted user can run mc in own folder.
If you want to give acces to other commands just copy files in own folder structure.