Re: [off-topic?] Chrooting ssh/telnet users?
I think the only way to accomplish a chroot IS to include all the files in
the jail that the user needs.
-rishi
On 26 Oct 2001, Paul Fleischer wrote:
>
> On Fri, 2001-10-26 at 15:51, Rishi L Khan wrote:
> > Set the shell for the user in /etc/passwd to a script that chroots and
> > then spawns a shell.
> >
> > -rishi
>
> Hmmm, That wouldn't work as intended - since the jailed environment
> would have to contain all files/libraries the user needs to get his work
> done.
>
> > On Fri, 26 Oct 2001, Javier [iso-8859-1] Fernández-Sanguino Peña wrote:
> >
> > > Chrooting the daemon is a possibility, but it's not tailored in a per-user
> > > basis but globally to all users (besides you need all the tools that users
> > > might want to use in the jail). I'm looking more into a jailed enviroment
> > > like proftpd's when you sed "DefaultRoot ~" (jails the user into his home
> > > directory but he's able to use all commands, without having to setup all
> > > the libraries in it).
>
> Unfortunately, I can't see how this should be done. The reason it works
> with proftpd is because it has those common commands builtin and does
> not depend on the files being in the jail.
> However, how would you use ls which resides in /bin/ls, if you are
> jailed into /home/username ?? As I see it, it cannot be done (though it
> would be nice)
>
> --
> Paul Fleischer
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
Reply to: