Special Kernel Modification Results

Special Kernel Modification Results

[lonnie]

Hello All,

I just wanted to say thanks to everyone for the help and I think that I will be
able to figure out some nice solution based upon all of the suggestions given to me.

Originally I thought that this might be a kernel issue in that we could make a
filesystem to handle this problem, but now I see that there has to be another
solution.

It is nice that in Linux a person can easily set permissions to prevent someone
from entering a particular directory, but for the special projects when you want
to somehow confine them to their HOME directory then the standard permissions
are somewhat illsuited for the task.

There is always the problem of being able to see the binaries from the users
directories if you were to lock them in.

In any case, I am thinking that a combination of chroot and hard-links might do
the trick.

Thanks again to all,
Lonnie 

Re: Special Kernel Modification Results

[H. Peter Anvin]

Followup to:  <1004926188.3be5f4ec7e622@mail.outstep.com>
By author:    lonnie@outstep.com
In newsgroup: linux.dev.kernel
> 
> It is nice that in Linux a person can easily set permissions to
> prevent someone from entering a particular directory, but for the
> special projects when you want to somehow confine them to their HOME
> directory then the standard permissions are somewhat illsuited for
> the task.
> 
> There is always the problem of being able to see the binaries from
> the users directories if you were to lock them in.
> 
> In any case, I am thinking that a combination of chroot and
> hard-links might do the trick.
> 

Either that, or chroot and vfsbinds (mount --bind), which might
actually serve you better (no one-filesystem limit.)

	-hpa

-- 
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
http://www.zytor.com/~hpa/puzzle.txt	<amsp@zytor.com>