
I want to have the file path /var/test appear as /root for the user test123. I don't want them to actually be in the root directory but I want it to appear as being in /root so that they can't tell without prying under the hood a little. I would set it as their home directory and create a whole directory structure under that. The overall idea is to have something similar to a chroot jail.

I can't find any information on masquerading directory names based on the logged-in user, or anything similar. Does anyone have any suggestions?

2 Answers


I think you want to combine an SSH chroot jail and a bind mount. Assuming the chroot root is /home/test123:

  • Create a chroot environment, I like to use jailkit (https://olivier.sessink.nl/jailkit/)

  • Create a bind mount inside the chroot: mount -o bind /var/test /home/test123/root

  • Set up sshd for chroot. There are several howtos on this, but basically you want to add test123 to an sshchroot user group, then add this to your /etc/ssh/sshd_config:

        Match group sshchroot
            ChrootDirectory /home/%u

  • Restart sshd
Fitz

If you don't want an actual chroot jail, then you would have to isolate the user's sessions into a separate mount namespace, then have /var/test bind-mounted onto /root within that namespace only. Achieving that would require customization of the user session creation. Perhaps a custom PAM library could do it?

(Implementation left as an exercise for the reader: I actually don't know of any ready-made tools suitable for implementing this, so this might require programming a custom PAM library. However, the containerization technology has caused a lot of fast development on Linux namespaces - perhaps there actually is something usable for this already implemented, and I just don't know about it?)

However: if I encountered a system where a non-root user like test123 had write access to /root, let alone had it as a home directory, I would immediately assume some sort of trickery, as that would be an extremely abnormal and insecure configuration if real. If I noticed this and had no root access, I'd try to notify the actual sysadmin ASAP. If I were the sysadmin and had no other explanation, I'd strongly prefer to disconnect this system from the network (first taking forensic memory dumps if possible), shut it down and take its disk(s) to another computer for analysis, which would defeat your deception as a side effect.

So I don't really see what might be achievable with this set-up, other than an exercise in diagnostics & forensics.

telcoM
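The per-session mount namespace the answer above describes, done with util-linux unshare rather than a PAM module, together with the /proc/self/mountinfo check that reveals the trick from inside. This is an added example, not code from the answer: /var/test, /root and test123 come from the question; masquerade_session, mounted_at and mount_root_of are this example's own names, and it assumes the user's passwd home has been set to /root as the question proposes.

```sh
#!/bin/sh
# Added example, not code from the answer: a per-session mount namespace
# with util-linux unshare, plus the mountinfo check a jailed user can run.
# /var/test, /root and test123 are from the question; the function names
# are this example's own.

REAL_DIR="${REAL_DIR:-/var/test}"
JAIL_USER="${JAIL_USER:-test123}"

# Start a login session for $JAIL_USER in a fresh, private mount namespace
# in which /var/test is bind-mounted over /root. Nothing outside that
# namespace (other sessions, the admin's own shell) sees the mount, and it
# disappears with the last process in the namespace. Needs root, and
# assumes the user's passwd home is /root so that "su -" lands there.
masquerade_session() {
    [ "$(id -u)" -eq 0 ] || { echo "masquerade_session must run as root" >&2; return 1; }
    unshare --mount --propagation private -- sh -c '
        mount --bind "$1" /root || exit 1
        exec su - "$2"' sh "$REAL_DIR" "$JAIL_USER"
}

# Is $1 a mount point in the calling process's mount namespace? Field 5 of
# /proc/self/mountinfo is the mount point (spaces appear as \040).
mounted_at() {
    awk -v mp="$1" '$5 == mp { found = 1 } END { exit !found }' /proc/self/mountinfo
}

# Field 4 is the path within the source filesystem. For a bind mount of
# /var/test it reads /test (or /var/test), not /, which is exactly the
# "prying under the hood" that exposes the deception. Prints the topmost
# matching entry, or nothing if $1 is not a mount point.
mount_root_of() {
    awk -v mp="$1" '$5 == mp { r = $4 } END { if (r != "") print r }' /proc/self/mountinfo
}

# What the jailed user (or a suspicious admin) sees from inside a session.
if mounted_at /root; then
    echo "/root is a mount point backed by $(mount_root_of /root)"
else
    echo "/root is an ordinary directory"
fi
```

Run masquerade_session as root to open the masked session; an ordinary shell on the same machine, in the initial namespace, still sees the real /root. The check at the bottom is deliberately something any unprivileged user can run, which is the point the answer makes: the mount is invisible to the user's file browsing but not to a look at /proc/self/mountinfo or findmnt.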