
Re: limiting access



On Sun, 20 Aug 2000, Robert Waldner wrote:

> I have a bunch of luser-accounts on one of my boxes, what I want is to 
> restrict them to their home-dir, with only very special exceptions.

You probably want to use rsh, the restricted shell (as opposed to rsh the
remote shell).

> Any hints? iirc there is a way to set the root-dir to some other than /,
> but what's the command/utility for that?

chroot.  But chroot removes the entire portion of the filesystem above
where you chrooted to, so your chroot environment has to have its own
/usr/bin, its own libraries, its own /etc files... it has to be a fully
functioning system in its own right.  The most common use for chroot is
for anonymous FTP, which is probably the very minimum chroot environment
that works.

Chroot doesn't guarantee security, as setuid programs within the chroot
environment can still give root access, and users can still communicate
with non-chroot processes normally.  And it is not trivial, but usually
pretty easy, for someone getting root access within a chroot "jail" to get
out of it again.  The restricted shell can allow you to control precisely
what a user does, which can provide a different sort of security.
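
An added example, not part of the original message: a shell check that lists the setuid and setgid files inside a chroot tree, the programs the reply says can still give root access from within the jail. The function names and the jail path passed in are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot tree for setuid/setgid programs.
# Usage (path is a placeholder): audit_chroot /path/to/jail

# List regular files under directory $1 that have permission bit mask $2 set.
# -xdev keeps find on one filesystem, so mounts inside the jail are not walked.
find_perm() {
    find "$1" -xdev -type f -perm "-$2" -print 2>/dev/null | sort
}

# Print one "SETUID <path>" or "SETGID <path>" line per finding.
# Returns 0 if the tree is clean, 1 if anything was found, 2 on a bad argument.
audit_chroot() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "not a directory: $jail" >&2
        return 2
    fi

    suid=$(find_perm "$jail" 4000)
    sgid=$(find_perm "$jail" 2000)

    if [ -n "$suid" ]; then
        printf '%s\n' "$suid" | sed 's/^/SETUID /'
    fi
    if [ -n "$sgid" ]; then
        printf '%s\n' "$sgid" | sed 's/^/SETGID /'
    fi

    # Clean only when both lists are empty.
    [ -z "$suid$sgid" ]
}
```

Each reported file is a candidate for removal from the jail or for having the bit cleared with `chmod u-s` or `chmod g-s`.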


