Re: Chroot users in ssh

On 20:30 05 Nov 2003, John Haxby <jch@xxxxxxxxxxxxxxx> wrote:
| Shrike List wrote:
| >Is it possible to chroot users in their home directory and jail them 
| >there so they can't get out of this directory, if so how?
| 
| There's a "chroot" command that you could put in /etc/profile and have 
| it triggered for the users you want to chroot.

Of course, that means it may not work if the user interrupts things early.
And it won't have effect for "ssh host command", because that doesn't
run /etc/profile at all. A better approach would be to write a small
C program to do the chroot then exec a login shell, and make that the
user's "login shell".

| Bear in mind, however, 
| that a chroot'd environment means that everything is chroot'd -- 
| commands, shared libraries, /etc/resolv.conf, the lot.    It's very hard 
| to set up a limited environment (well, it was when I tried it once) -- 
| and even harder to be sure there's nothing in that environment that you 
| wouldn't like. [...]

All this I agree with. Chroot's quite fiddly if you're trying to still
give the user something semiuseful. It's a lot better for daemons because
they want to do so little.

Cheers,
-- 
Cameron Simpson <cs@xxxxxxxxxx> DoD#743
http://www.cskk.ezoshosting.com/cs/

You can fool too many of the people too much of the time. - James Thurber


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
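
A sketch of the wrapper suggested in the reply above, added here as an example and not code from the thread. It assumes the binary (called `jailsh` here) is installed setuid-root, because chroot() needs root, and that the jail at the assumed path `/srv/jail` already holds `/bin/sh` and the libraries it needs. It also passes `-c command` through, since sshd runs the user's shell that way for "ssh host command".

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define JAIL_ROOT  "/srv/jail"   /* assumed jail location */
#define JAIL_SHELL "/bin/sh"     /* assumed shell path inside the jail */

/* Build argv for the jailed shell: "sh -c <cmd>" when sshd passes a command,
 * otherwise "-sh" (leading dash = login shell). Returns the argument count. */
int build_shell_argv(int argc, char **argv, char *out[4])
{
    if (argc >= 3 && strcmp(argv[1], "-c") == 0) {
        out[0] = "sh"; out[1] = "-c"; out[2] = argv[2]; out[3] = NULL;
        return 3;
    }
    out[0] = "-sh"; out[1] = NULL;
    return 1;
}

/* Enter the jail, then drop root for good. Returns 0 on success, -1 on error. */
int enter_jail(const char *root, uid_t uid, gid_t gid)
{
    if (chroot(root) != 0 || chdir("/") != 0)   /* chdir so cwd is inside */
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (uid != 0 && setuid(0) == 0)             /* root must be unrecoverable */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char *sh_argv[4];
    struct passwd *pw = getpwuid(getuid());     /* real uid: the user logging in */

    if (pw == NULL || pw->pw_uid == 0) { fputs("jailsh: refusing\n", stderr); return 1; }
    build_shell_argv(argc, argv, sh_argv);
    if (enter_jail(JAIL_ROOT, pw->pw_uid, pw->pw_gid) != 0) { perror("jailsh"); return 1; }
    execv(JAIL_SHELL, sh_argv);                 /* only returns on failure */
    perror("jailsh: exec");
    return 127;
}
```

Because the process is root until `enter_jail` returns, the order matters: the supplementary groups and gid are dropped before the uid, and the jail directory itself should be root-owned and not writable by the jailed user.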
