Thanks Jorgen,
I am sure that this will help as it looks like what I might need....
Thanks again,
Lonnie
Quoting Jorgen Cederlof <jc@lysator.liu.se>:
>
> On Sun, Nov 04, 2001 at 19:29:01 -0500, lonnie@outstep.com wrote:
>
> > From what I can see. With chrooting, I have to make a complete
> > "fake" system an then place the users below that into a home
> > directory, or make a complete "fake" system for each user.
> >
> > I was trying to find a simple solution that would allow for:
> >
> > I was initially thinking about something like this for each user:
> >
> > /system (real) /dev/hda4 (chrooted also)
> > |
> > /bin
> > /etc
> > /lib
>
> chtrunk (http://noid.sf.net/chtrunk.html) can set up the namespace
> dynamically for you. Instead of creating a complete system by hand and
> run chroot, just run (you don't need to be root):
>
> chtrunk -s /bin /etc /lib /home/user -c program_to_run
>
> This will give that program access to /bin, /etc, /lib and the home
> directory, but nothing more.
>
> You can use
>
> chtrunk -s /bin /etc /lib /home/user /tmp=/home/user/tmp -c program
>
> to give every user their own private /tmp.
>
> As a bonus, the suid/sgid bits will have no effect for these users,
> which will prevent them from becoming root through buggy suid
> programs.
>
> Jörgen
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Nov 07 2001 - 21:00:28 EST