On Fri, Oct 26, 2001 at 04:35:14PM +0100, Tim Haynes wrote:
> Rishi L Khan <rishi@UDel.Edu> writes:
>
> > I think the only way to accomplish a chroot IS to include all the files
> > in the jail that the user needs.
> [snip]
>
> Yes. Somehow, if you're going to run something, it needs to be in the jail.
> Various alternatives to consider for various reasons: busybox, rbash,
> sash.
> What would be nice would be a union-mount, so you could graft a "real" /bin
> on top of /home/foo/bin, and so on. I'm not sure that `mount --bind' is the
> same thing?

mount --bind would work, but you must ask yourself why you bother with
chroot if you're just going to bind mount the entire filesystem into the
chroot jail anyway (which is just about what you must do for things to
work properly). When you bind mount /bin and /usr/bin you get all the
suids in those directories in the chroot; you also need /etc for the
global config files many programs use.

--
Ethan Benson
http://www.alaska.net/~erbenson/
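The message's point that bind mounting /bin and /usr/bin carries every setuid binary into the jail can be checked before mounting anything. The script below is an added example, not part of the original message; the function names `list_suid`, `count_suid` and `report_suid` are hypothetical.

```shell
#!/bin/sh
# Added example: list the setuid/setgid files that a bind mount of each
# given directory would make reachable inside a chroot jail.

# list_suid DIR...
# Print one path per line for every regular file under DIR that has the
# setuid (4000) or setgid (2000) bit set. -xdev stays on DIR's own
# filesystem, which is what a plain `mount --bind` (not --rbind) exposes.
list_suid() {
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "skip: $d is not a directory" >&2
            continue
        fi
        find "$d" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
    done
}

# count_suid DIR...
# Print the number of setuid/setgid files found under the directories.
count_suid() {
    list_suid "$@" | wc -l | tr -d ' '
}

# report_suid DIR...
# Per-directory summary followed by an `ls -ld` line (mode, owner, group)
# for each privileged file, so the list can be reviewed before mounting.
report_suid() {
    for target in "$@"; do
        echo "$target: $(count_suid "$target") setuid/setgid file(s)"
        list_suid "$target" | while IFS= read -r f; do
            ls -ld "$f"
        done
    done
}

# When run with arguments, report on them, e.g.:
#   sh audit.sh /bin /usr/bin
if [ "$#" -gt 0 ]; then
    report_suid "$@"
fi
```

A non-zero count for a directory means those binaries run with their owner's privileges inside the jail as well, which is the concern raised in the reply.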