Hello! I want to chroot a application/gameserver. What is the better/securest way? 1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh" or 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and execute the "start.sh" in the chroot? Solution 2 does not need a root shell at all, why i think it is a little more secure. What do you think? WHat do u recommend? How would do solve this? Cheers, Mario
On Mon, Jun 16, 2003 at 10:32:29AM +0200, Mario Ohnewald wrote:
I want to chroot a application/gameserver.
I played with pam_chroot recently... unfortunately I found not much documentation about its intended usage. whether it realy suits my needs, I don't know yet. I'd like to read your comments on this. you'd need something like user game group game, put into /etc/security/chroot.conf game /chroot/game and into each pam service configuration which should use this, e.g. /etc/pam.d/su account optional pam_chroot.so debug (whether optional is the right choice I don't know) restrict access to the user with pam_access. Lars
participants (2)
-
Lars Ellenberg
-
Mario Ohnewald