I want users to be able to update their web pages safely. Does *everything* (/bin /lib /home /etc) have to be in the jail? Must there be a jail within a jail for each user or can I symlink within the same and retain security? Thanks, Steve. SuSE 8.0
* steve (fsanta@arrakis.es) [021008 11:56]:
I want users to be able to update their web pages safely. Does *everything* (/bin /lib /home /etc) have to be in the jail? Must there be a jail within a jail for each user or can I symlink within the same and retain security?
No, symlinks defeat the point of using chroot. Depending on what your users need to do sash might be enough. -- -ckm
On Tuesday 08 October 2002 22:38, Christopher Mahmood wrote:
* steve (fsanta@arrakis.es) [021008 11:56]:
I want users to be able to update their web pages safely. Does *everything* (/bin /lib /home /etc) have to be in the jail? Must there be a jail within a jail for each user or can I symlink within the same and retain security?
No, symlinks defeat the point of using chroot. Depending on what your users need to do sash might be enough.
I don't want them to have access to the disk other than their own directory. sash seems to let them go anywhere, or have I missed something?
* steve (fsanta@arrakis.es) [021009 01:04]:
No, symlinks defeat the point of using chroot. Depending on what your users need to do sash might be enough.
I don't want them to have access to the disk other than their own directory. sash seems to let them go anywhere, or have I missed something?
Yes. You had asked about what programs to include inside of the chroot. I suggested seeing if sash included everything your users needed. If so, you only need to include /bin/sash -- it's statically linked and has the common file commands built in. -- -ckm
On Wednesday 09 October 2002 19:18, Christopher Mahmood wrote:
* steve (fsanta@arrakis.es) [021009 01:04]:
No, symlinks defeat the point of using chroot. Depending on what your users need to do sash might be enough.
I don't want them to have access to the disk other than their own directory. sash seems to let them go anywhere, or have I missed something?
Yes. You had asked about what programs to include inside of the chroot. I suggested seeing if sash included everything your users needed. If so, you only need to include /bin/sash -- it's statically linked and has the common file commands built in.
Thanks. I didn't understand the statically linked bit until I did an ldd sash
participants (2)
-
Christopher Mahmood
-
steve