Ok, this was and still is hell to setup in real circumstances.
Main goal is to restrict users to their home directory, making them as less as possible dangerous for system security.
The idea is coming from standard chroot(8) command:
Kôd:
/usr/sbin/chroot /d1/chroot /bin/bash
Now we have a start. However we cannot use /d1/chroot directory for all users, we want to chroot them in their own directory. So we need to substitute /d1/chroot with user's home dir, for example if we want to chroot user "mohican" we're getting to this:
Kôd:
/usr/sbin/chroot /home/users/mohican /bin/bash
Ok, this is for only one user. To automaticaly chroot user "mohican" to his own home dir we put that in a shell script to look something like this:
Kôd:
slash:~# cat /usr/local/bin/chrootsh
#!/bin/sh
exec usr/sbin/chroot /home/users/mohican /bin/bash
Now we can register that /usr/local/bin/chrootsh in global shells file /etc/shells.
So, mohican dude is chrooted, but hey, why not chroot and the others?