> I have look into using things like "chroot" to restrict the users for
> this very special server, but that solution is not what we need.
It sounds like it is to me
> My problem is that I need to find a way to prevent the user from
> navigating out of their home directories.
Then you must put al the files in their home directories. Alternatively
with later 2.4 you can use bind mounts to remount the application file
systems below the user.
> Is there someone who might be able to give me some information on how I
> could add a few lines to the VFS filesystem so that I might set some
> type of extended attribute to prevent users from navigating out of the
> locations.
It isnt down to attributes - how you can run a binary or load a shared
library you cant see.
You might also want to see http://www.nsa.gov/selinux, but that would
require a lot of careful policy setup
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 07 2001 - 21:00:24 EST