Mailinglist Archive: opensuse-security (334 mails)

< Previous Next >
Re: [suse-security] pam_chroot
  • From: Lars Ellenberg <l.g.e@xxxxxx>
  • Date: Wed, 24 Sep 2003 12:05:10 +0200
  • Message-id: <mJMBCBlD7UXB74Lkx1+lmpI=lge@xxxxxx>
/ 2003-09-23 17:22:44 +0200
\ Pep Serrano:
> Anybody is using pam_chroot?
>

I once made an attempt to setup some "application" users,
so I could e.g. "su webbrowser", and it would start the
chroot'ed app. It almost worked... every now and then the su failed,
retry succeeded.
It's tricky to get it working with X in a secure way
(all your applications with different uids sharing the same display...)

For "normal users" this should be no problem.
I did not look at the coe itself, I cannot tell how mature this is is.
It obviously is not well documented -- or I was too dumb to find it.
All in all I could not make it do what I wanted it to do.
Now I'm back to an explicit chroot, if I need one.

Hints on the original intention of pam_chroot most welcome!

Lars

< Previous Next >
Follow Ups
References