From: lonnie@outstep.com
To: Ryan Cumming <bodnar42@phalynx.dhs.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Special Kernel Modification
Date: Sun, 04 Nov 2001 19:29:01 -0500 (EST) [thread overview]
Message-ID: <1004920141.3be5dd4db68a0@mail.outstep.com> (raw)
In-Reply-To: <3BE5D6EC.8040204@outstep.com> <E160XU3-00012T-00@localhost>
In-Reply-To: <E160XU3-00012T-00@localhost>
Hello Ryan,
>From what I can see. With chrooting, I have to make a complete "fake" system an
then place the users below that into a home directory, or make a complete "fake"
system for each user.
I was trying to find a simple solution that would allow for:
I was initially thinking about something like this for each user:
/system (real) /dev/hda4 (chrooted also)
|
/bin
/etc
/lib
/home (each user chrooted)
|
/user1
| |
| /system (mounted /dev/hda4)
| |
| /bin
| /etc
| /lib
|
/user2
| |
| /system (mounted /dev/hda4)
| |
| /bin
| /etc
| /lib
|
/user n
|
/system (mounted /dev/hda4)
|
/bin
/etc
/lib
The basic problem is that I did not want, for example "user2" to be able to "cd
.." or some thing to go out of user2
I was hoping to be able to accomplish this at the filesystem level somehow, and
possibly without the need to mount the /dev/hda4 onto each /home/user/system, or
without having to make entire copies of the chrooted environment for each user.
Cheers,
Lonnie
Quoting Ryan Cumming <bodnar42@phalynx.dhs.org>:
> On November 4, 2001 16:01, Lonnie Cumberland wrote:
> > I have look into using things like "chroot" to restrict the users
> for
> > this very special server, but that solution is not what we need.
> ....
> > Is there someone who might be able to give me some information on how
> I
> > could add a few lines to the VFS filesystem so that I might set some
> > type of extended attribute to prevent users from navigating out of
> the
> > locations.
>
> I fail to see the difference between "chroot" and "preventing users from
>
> navigating out of locations". Would you care to clarify what was wrong
> was
> chroot that you believe you can solve with a different approach?
> -Ryan
>
next prev parent reply other threads:[~2001-11-05 0:42 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-11-05 0:01 Special Kernel Modification Lonnie Cumberland
2001-11-05 0:19 ` Ryan Cumming
2001-11-05 0:29 ` lonnie [this message]
2001-11-05 1:04 ` Jan-Benedict Glaw
2001-11-05 3:04 ` Mike Fedyk
2001-11-06 0:34 ` Jorgen Cederlof
2001-11-06 0:38 ` lonnie
2001-11-05 0:22 ` Alan Cox
2001-11-05 0:39 ` Phil Sorber
2001-11-05 0:38 ` Rik van Riel
2001-11-05 1:04 ` Jeremy Jackson
2001-11-05 1:58 ` Jeff Dike
2001-11-05 2:14 ` Ryan Cumming
2001-11-05 4:02 ` Jeff Dike
2001-11-05 3:13 ` Ryan Cumming
2001-11-05 5:52 ` Jeff Dike
2001-11-05 5:30 ` Ryan Cumming
2001-11-05 14:22 ` Jeff Dike
2001-11-05 16:53 ` Andrea Arcangeli
2001-11-05 20:18 ` Jeff Dike
2001-11-05 19:05 ` Andrea Arcangeli
2001-11-05 0:37 John Weber
[not found] <E160aCK-0001Fs-00@localhost.suse.lists.linux.kernel>
[not found] ` <200111050552.AAA06451@ccure.karaya.com.suse.lists.linux.kernel>
2001-11-05 6:22 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1004920141.3be5dd4db68a0@mail.outstep.com \
--to=lonnie@outstep.com \
--cc=bodnar42@phalynx.dhs.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).