schroot: a replacement for dchroot
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi folks,
Over the last week or so, after wanting features that dchroot didn't
provide, I've written a replacement: schroot. This is mostly
command-line compatible with dchroot, but provides additional
functionality, such as su/sudo-like behaviour:
- - access restricted by group
- - ability to switch user id
- - passwordless root for authorised groups
- - tighter security checks than dchroot
- - PAM authentication and authorisation
- - Full logging of chroot operations
It was mainly written as a replacement for sudo in sbuild, but has
more general uses than that. If you have chroots, and currently use
dchroot, you might like to give schroot a try.
If there are any security and/or PAM experts here, I would be grateful
if you could spare a few minutes to check the code. I'm pretty sure
it's fine, but it's the first PAM-based program I've written, and
there may be subtleties I've missed.
http://people.debian.org/~rleigh/schroot/
(packages and original source)
I won't upload this as a standalone package yet, in case the sbuild
maintainers would like it as part of sbuild CVS and packaging.
Comments welcome!
Regards,
Roger
- --
Roger Leigh
Printing on GNU/Linux? http://gimp-print.sourceforge.net/
Debian GNU/Linux http://www.debian.org/
GPG Public Key: 0x25BFB848. Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD8DBQFCta79VcFcaSW/uEgRAlBCAJ9FWuujVVc+kPWLc8APrz2TdnUYBgCg4tER
FV1lHOGUUBc6i7vqVuaU4Ic=
=AHI4
-----END PGP SIGNATURE-----
Reply to: