|
When you ssh into an IBM i environment you can be placed into a chroot
environment by default depending on how the HOMEDIR is set on a user
profile. For example,
HOMEDIR('/QOpenSys/litmis/spaces/ULKUMH/./home/usrlnmki') will run the
chroot command where the period is specified. So when this particular user
logs in they will be placed in directory
/QOpenSys/litmis/spaces/ULKUMH/home/usrlnmki. If they do a "ls /" they
will see whatever is in directory /QOpenSys/litmis/spaces/ULKUMH. They
will not be able to "cd .." up past /QOpenSys/litmis/spaces/ULKUMH.
Here an example of me SSH'ing into a chroot environment and listing the
root. Note the absence of /QSYS.LIB. Note, though, that I can still
connect to the local database with SQL CLI APIs (per the language database
adapters).
$ ls -all /
total 176
drwxrwsrwx 9 usrlnmki 0 8192 Oct 27 18:15 .
drwxrwsrwx 9 usrlnmki 0 8192 Oct 27 18:15 ..
drwxrwsrwx 5 usrlnmki 0 8192 Sep 10 21:54 QOpenSys
lrwxrwxrwx 1 usrlnmki 0 34 Sep 10 21:49 bin ->
/QOpenSys/usr/bin
drwxrwsrwx 3 usrlnmki 0 8192 Sep 10 21:46 dev
drwxr-xr-x 5 usrlnmki 0 8192 Sep 10 21:52 etc
drwxr-s--- 3 usrlnmki 0 8192 Sep 10 21:46 home
lrwxrwxrwx 1 usrlnmki 0 34 Sep 10 21:49 lib ->
/QOpenSys/usr/lib
lrwxrwxrwx 1 usrlnmki 0 26 Sep 10 21:49 opt ->
/QOpenSys/opt
lrwxrwxrwx 1 usrlnmki 0 36 Sep 10 21:49 sbin ->
/QOpenSys/usr/sbin
drwxrwsrwt 5 usrlnmki 0 8192 Oct 21 00:44 tmp
drwxrwsrwx 4 usrlnmki 0 8192 Sep 10 21:52 usr
drwxrwsrwx 3 usrlnmki 0 8192 Sep 10 21:52 var
Aaron Bartell
litmis.com - Services for open source on IBM i
On Tue, Oct 27, 2015 at 2:40 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:
Thanks for the replies, Jim and Aaron.
Regarding connections to IBM i databases, I'm already familiar with SQL CLI
DB and toolkit interfaces which accompany *nix language environments (PHP,
Ruby, Python, Node.js, etc.).
My question about accessing /qsys.lib was a curiosity about "visibility"
and "access" from *nix shells, via *SHHD.
While at the command line, what happens if users enter:
cd /
ls
Would /qsys.lib appear in the directory structure?
I gather from Aaron's response - that it would depend on the authority of
the "user" of the IBM i JOB which accompanies a *SSHD connection.
On Tue, Oct 27, 2015 at 1:20 PM, Aaron Bartell <aaronbartell@xxxxxxxxx>
wrote:
Without aAs a follow-up to Vern's question regarding access to /qsys.lib;
chroot setup, would users of the *SSHD daemon be able to access/qsys.lib/*
objects otherwise, from remote *nix shells?the
When a user logs into the *SSHD daemon from LUW** they are literally on
IBM i with a dedicated IBM i job; complete with a library list and all.--
Similar in nature to a telnet session where 5250 is your "shell".
**LUW=Linux/Unix/Windows
Aaron Bartell
litmis.com - Services for open source on IBM i
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.