Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: Re: how to chroot shell accounts
From: J C Lawrence (clawKANGA.NU)
Date: Wed Oct 04 2000 - 18:45:25 CDT
- Next message: J C Lawrence: "Re: Subnetting, firewall setup"
- Previous message: mute: "Re: how to chroot shell accounts"
- Maybe reply: J C Lawrence: "Re: how to chroot shell accounts"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 4 Oct 2000 15:26:29 -0700
Thomas J Arseneault <arsenCERTAINTYSOLUTIONS.COM> wrote:
> A problem I can see here is if you just chroot like you say then
> that user has no commands available to him since /usr/bin is no
> longer accessible to him. You would need to create bin and
> probably lib directories for each user and fill it with commands
> you want to have available to them. Shell accounts are not trivial
> to chroot in any useful way.
Yes, chrroting user accounts in a right royal pain. That said, what
I've seen done previously is a chroot jail that is shared among all
shell users of the system. Its a small gain really, but it does
allow the resources made (potentially) avilable to shell users is
smaller than that available to the system as a whole.
-- J C Lawrence Home: clawkanga.nu ---------(*) Other: coderkanga.nu http://www.kanga.nu/~claw/ Keys etc: finger clawkanga.nu --=| A man is as sane as he is dangerous to his environment |=--