Re: chroot

To: Martin WHEELER <mwheeler@startext.co.uk>
Cc: debian-isp@lists.debian.org
Subject: Re: chroot
From: Craig Sanders <cas@taz.net.au>
Date: Wed, 27 Dec 2000 20:38:41 +1100
Message-id: <[🔎] 20001227203841.G11734@taz.net.au>
In-reply-to: <[🔎] Pine.LNX.4.21.0012261547050.3227-100000@startext.demon.co.uk>; from mwheeler@startext.co.uk on Tue, Dec 26, 2000 at 04:23:15PM +0000
References: <[🔎] Pine.LNX.4.21.0012261547050.3227-100000@startext.demon.co.uk>

On Tue, Dec 26, 2000 at 04:23:15PM +0000, Martin WHEELER wrote:
> Can anyone on this list help me to get defined users logging in to be
> automatically chrooted to a restricted area in the fs?  (/home/... )

read the docs on rbash (restricted bash shell) and set their shell to
/bin/rbash in /etc/passwd.

it prevents users from changing out of their home directory (but doesn't
actually stop them from viewing or editing files in other dirs), and
restricts them to a subset of available binaries.

it's not as useful as you might think it is, and takes a lot of work
to actually make it usable.  

imo, it's not worth the bother - if a user can't be trusted with a
shell, then don't give them one. better to spend your effort on making
sure that all file permissions are correct and that there are no suid
root exploitable holes on your system.

craig

--
craig sanders

Reply to:

Follow-Ups:
- Re: chroot
  - From: Martin WHEELER <mwheeler@startext.co.uk>

References:
- chroot
  - From: Martin WHEELER <mwheeler@startext.co.uk>

Prev by Date: Re: your mail
Next by Date: Re: your mail
Previous by thread: Re: chroot
Next by thread: Re: chroot
Index(es):
- Date
- Thread