Re: chroot

To: Craig Sanders <cas@taz.net.au>
Cc: debian-isp@lists.debian.org
Subject: Re: chroot
From: Martin WHEELER <mwheeler@startext.co.uk>
Date: Wed, 27 Dec 2000 15:26:02 +0000 (GMT)
Message-id: <[🔎] Pine.LNX.4.21.0012271516290.2715-100000@startext.demon.co.uk>
In-reply-to: <[🔎] 20001227203841.G11734@taz.net.au>

On Wed, 27 Dec 2000, Craig Sanders wrote:

> read the docs on rbash (restricted bash shell) and set their shell to
> /bin/rbash in /etc/passwd.

Been there; done that (before posting to the list).
Works as expected; but still doesn't make a blind scrap of difference as
to whether the chroot call is implemented or not.

> it's not as useful as you might think it is, and takes a lot of work
> to actually make it usable.  

You can say that again!

> imo, it's not worth the bother - if a user can't be trusted with a
> shell, then don't give them one.

I tend to agree with you here.  (Problem is, I can only >>advise<<
clients on their system configuration -- not tell them what to do.
And if I can't even get it working on my own system, how am I going to
do it on theirs?)

> sure that all file permissions are correct and that there are no suid
> root exploitable holes on your system.

Totally agreee; but it looks very much as if the only way to run a
script to call chroot is via suid.  Not nice.

Hey ho.
-- 
Martin Wheeler       -        StarTEXT - Glastonbury - BA6 9PH - England
[1] mwheeler@startext.co.uk                   http://www.startext.co.uk/

Reply to:

Follow-Ups:
- Re: chroot
  - From: Jeremy Lunn <jeremy@austux.net>
- Re: chroot
  - From: Craig Sanders <cas@taz.net.au>

References:
- Re: chroot
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: Re: your mail
Next by Date: named anonymous ftp
Previous by thread: Re: chroot
Next by thread: Re: chroot
Index(es):
- Date
- Thread