View previous topic :: View next topic |
Author |
Message |
Forse Apprentice
Joined: 26 Dec 2002 Posts: 260 Location: /dev/random
|
Posted: Sun Mar 09, 2003 9:37 pm Post subject: Chroot users to them home dir |
|
|
Hi. Well the topic says it all. I was wondering how to chroot users to them home directory for security reasons. Thnx a lot in advance _________________ [ My sites ]: UnixTutorials : AniFIND : AnimeYume |
|
Back to top |
|
|
simcop2387 Apprentice
Joined: 14 Aug 2002 Posts: 200 Location: Galactic Sector ZZ9 Plural Z Alpha
|
Posted: Sun Mar 09, 2003 10:08 pm Post subject: |
|
|
well i'm pretty sure this could create some major problems as far as being able to run any programs (/bin/ls even) since none of that would exist in the chrooted environment. but i would believe that placing something in the /etc/profile could manage that. if you are thinking about doing this for ftp clients, then you'll want to look into your ftp deamons docs |
|
Back to top |
|
|
Delphiki Guru
Joined: 04 Oct 2002 Posts: 337 Location: A2
|
Posted: Mon Mar 10, 2003 1:04 am Post subject: |
|
|
I think a better solution because of what simcop2387 mentioned, would be making more restrictive permissions on directories that you don't want the standard users to see. _________________ Excellent.. |
|
Back to top |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Mon Mar 10, 2003 2:34 am Post subject: |
|
|
Moved from Other Things Gentoo. _________________ Quis separabit? Quo animo? |
|
Back to top |
|
|
zaikick n00b
Joined: 12 Jul 2002 Posts: 3
|
Posted: Mon Mar 10, 2003 12:13 pm Post subject: |
|
|
I suggest looking at the Jail Chroot Project: http://www.gsyc.inf.uc3m.es/~assman/jail/. It's a tool that helps you set up the directories, libraries and binaries you would want your users to have access to.
Sholdn't be to difficult to set up, and there is even an ebuild in portage (app-misc/jail). |
|
Back to top |
|
|
mglauche Retired Dev
Joined: 25 Apr 2002 Posts: 564 Location: Germany
|
Posted: Mon Mar 10, 2003 12:26 pm Post subject: |
|
|
another solution might be a restricted shell .. I remember i saw something like this once, only few basic commands work |
|
Back to top |
|
|
|