Hello Ryan,
>From what I can see. With chrooting, I have to make a complete "fake" system an
then place the users below that into a home directory, or make a complete "fake"
system for each user.
I was trying to find a simple solution that would allow for:
I was initially thinking about something like this for each user:
/system (real) /dev/hda4 (chrooted also)
|
/bin
/etc
/lib
/home (each user chrooted)
|
/user1
| |
| /system (mounted /dev/hda4)
| |
| /bin
| /etc
| /lib
|
/user2
| |
| /system (mounted /dev/hda4)
| |
| /bin
| /etc
| /lib
|
/user n
|
/system (mounted /dev/hda4)
|
/bin
/etc
/lib
The basic problem is that I did not want, for example "user2" to be able to "cd
.." or some thing to go out of user2
I was hoping to be able to accomplish this at the filesystem level somehow, and
possibly without the need to mount the /dev/hda4 onto each /home/user/system, or
without having to make entire copies of the chrooted environment for each user.
Cheers,
Lonnie
Quoting Ryan Cumming <bodnar42@phalynx.dhs.org>:
> On November 4, 2001 16:01, Lonnie Cumberland wrote:
> > I have look into using things like "chroot" to restrict the users
> for
> > this very special server, but that solution is not what we need.
> ....
> > Is there someone who might be able to give me some information on how
> I
> > could add a few lines to the VFS filesystem so that I might set some
> > type of extended attribute to prevent users from navigating out of
> the
> > locations.
>
> I fail to see the difference between "chroot" and "preventing users from
>
> navigating out of locations". Would you care to clarify what was wrong
> was
> chroot that you believe you can solve with a different approach?
> -Ryan
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 07 2001 - 21:00:24 EST