Complete.Org: Mailing Lists: Archives: linux-help: May 2000:
[linux-help] Re: Question with 'chroot'.
Home

[linux-help] Re: Question with 'chroot'.

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Question with 'chroot'.
From: Jonathan Hall <jonhall@xxxxxxxxxxxx>
Date: Sat, 20 May 2000 22:49:43 -0500
Reply-to: linux-help@xxxxxxxxx

This probably is not really going to provide for a very usable system...

1. To make the system usable, you'll have to copy so much of the original
filesystem into the user's directory, that you might as well give them full
access anyway.

2. If you do this for very many users, you'll end up wasting INCREDIBLE
amounts of HD space.  Suppose the user *only* has access to bash, and
pine... even just those two programs, and all the required libraries, could
be several megabytes.

3. Some files cannot be 'copied' to the user's dir at all... Most files in
/var, for instance (mail spool is a good example here).

Having said that... I'd like to pose this question:  What security concerns
do you have that you're attempting to resolve?  Perhaps there's a better way
to resolve the problem... (I'd guess that there probably is :-)


On Sun, May 21, 2000 at 11:00:13AM +0000, Wang Min wrote:
> Dear fellows,
> 
> I want chroot to do this job, when a user logins to my linux box, first his 
> group id is checked, for example, if he is not in the root group, then his 
> root directory switchs to /user, and I think the security situation is 
> dramatically improved by this method. As far as I know, I should modify the 
> /bin/login source code and overwrite it with the new one to achieve the goal, 
> the fact is I am a newbie to Linux and don't know how to get the login source 
> code and how to modify it as well, anybody help me?
> 
> Thanks.
> 
> Wang
> 
> 
> 
> 
> 
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

--
Floppy disk tip #4: Never insert a diskette into the drive upside down.  The
data can fall off the surface of the disk and jam the intricate mechanics of
the drive.
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Jonathan Hall  *  jonhall@xxxxxxxxxxxx  *  PGP public key available
 Systems Admin, Future Internet Services; Goessel, KS * (316) 367-2487
         http://www.futureks.net  *  PGP Key ID: FE 00 FD 51
                  -=  Running Debian GNU/Linux  =-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi


[Prev in Thread] Current Thread [Next in Thread]