[551] in linux-security and linux-alert archive


Re: about chroot.

daemon@ATHENA.MIT.EDU (Grant Taylor)
Fri Jan 5 17:24:47 1996

Date: Thu, 4 Jan 1996 09:30:29 -0500
From: Grant Taylor <gtaylor@picante.com>
To: luka@mhv.net
Cc: BIG-LINUX@NETSPACE.ORG,
        Linux Security Mailing List <linux-security@tarsier.cv.nrao.edu>
In-reply-to: owner-linux-security@tarsier.cv.nrao.edu's message of Wed, 3 Jan
	1996 18:54:14 -0500 (EST)

> [I am CC'ing this to linux-security mailing list. -- Alex]
>> Umm.. there are no users on a system without the programs. Are you saying
>> you can't chroot his shell? You have to fiddle a bit, and it is not as
>> 'secure' as it could be, but chroot will work. If modifying some scripts and
>> variables, chrooting a coupla programs, etc.. Is not enough, then you
>> obviously have a user on your hands that should not be on the system.

[Rehash of chroot man page deleted]

> If you want to lock out a user from the ability to execute all commands 
> but a specific set, the better solution would be to create a special 
> group, make that user a member of it; make everybody else a member of a 
> group "users"; make all directories that contain binaries that should not 
> be executed by restricted user owned

Has rsh been mentioned yet?  It's the usual solution to this problem.
I know that pdksh has an rsh mode, and bash can supposedly be compiled
in rsh mode.

-- 
Grant Taylor - gtaylor@picante.com - http://www.picante.com/~gtaylor/
  Two out of three Americans believe in the existence of Satan.
  37 percent say they have been tempted by the devil.
      -- http://www.sfgate.com/examiner/new/stories/NEWS-13388.html
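
What the restricted ("rsh") shell mode mentioned in the message above refuses, as an added example that is not part of the original message. It assumes a bash built with restricted-shell support and reachable as `bash -r`; the function names and probe commands are constructed for illustration.

```shell
#!/usr/bin/env bash
# Probe what bash's restricted mode (bash -r, also installed as "rbash") refuses.
# All command strings below are constructed samples, not from the original post.

# Succeeds only if the restricted shell refused the command string.
rsh_blocks() {
    ! bash -r -c "$1" >/dev/null 2>&1
}

# Succeeds only if the restricted shell ran the command string cleanly.
rsh_allows() {
    bash -r -c "$1" >/dev/null 2>&1
}

# Print one line per probe so the restrictions can be read at a glance.
report() {
    label=$1
    cmd=$2
    if rsh_blocks "$cmd"; then
        printf '%-26s blocked\n' "$label"
    else
        printf '%-26s ALLOWED\n' "$label"
    fi
}

report 'change directory'      'cd /'                # cd is disabled
report 'command with a slash'  '/bin/true'           # only PATH lookups are permitted
report 'reassign PATH'         'PATH=/tmp'           # PATH is read-only
report 'output redirection'    'echo x > /dev/null'  # >, >>, >& are refused
report 'leave restricted mode' 'set +r'              # cannot be switched off
report 'plain PATH command'    'echo ok'             # ordinary commands still run
```

Restricted mode limits the shell itself, not the programs it can launch, so the PATH given to such an account should contain only the commands the user is meant to run.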
