Re: [off-topic?] Chrooting ssh/telnet users?

To: debian-security@lists.debian.org
Subject: Re: [off-topic?] Chrooting ssh/telnet users?
From: Paul Fleischer <proguy@proguy.dk>
Date: 26 Oct 2001 16:32:04 +0200
Message-id: <1004106724.10156.56.camel@proguy>
In-reply-to: <Pine.SOL.4.31.0110260951000.12013-100000@copland.udel.edu>
References: <Pine.SOL.4.31.0110260951000.12013-100000@copland.udel.edu>

On Fri, 2001-10-26 at 15:51, Rishi L Khan wrote:
> Set the shell for the user in /etc/passwd to a script that chroots and
> then spawns a shell.
> 
> 		-rishi

Hmmm, That wouldn't work as intended - since the jailed environment
would have to contain all files/libraries the user needs to get his work
done.

> On Fri, 26 Oct 2001, Javier [iso-8859-1] Fernández-Sanguino Peña wrote:
> 
> > Chrooting the daemon is a possibility, but it's not tailored in a per-user
> > basis but globally to all users (besides you need all the tools that users
> > might want to use in the jail). I'm looking more into a jailed enviroment
> > like proftpd's when you sed "DefaultRoot ~" (jails the user into his home
> > directory but he's able to use all commands, without having to setup all
> > the libraries in it).

Unfortunately, I can't see how this should be done. The reason it works
with proftpd is because it has those common commands builtin and does
not depend on the files being in the jail.
However, how would you use ls which resides in /bin/ls, if you are
jailed into /home/username ??  As I see it, it cannot be done (though it
would be nice)

--
Paul Fleischer

Reply to:

Follow-Ups:
- Re: [off-topic?] Chrooting ssh/telnet users?
  - From: Rishi L Khan <rishi@UDel.Edu>

References:
- Re: [off-topic?] Chrooting ssh/telnet users?
  - From: Rishi L Khan <rishi@UDel.Edu>

Prev by Date: Re: [off-topic?] Chrooting ssh/telnet users?
Next by Date: Re: [off-topic?] Chrooting ssh/telnet users?
Previous by thread: Re: [off-topic?] Chrooting ssh/telnet users?
Next by thread: Re: [off-topic?] Chrooting ssh/telnet users?
Index(es):
- Date
- Thread