Hosting Provided By

Re: chroot

From: Tim Greer <chatmaster(at)charter.net>
Date: Wed Jul 02 2003 - 20:10:50 EDT

Also, in regards to false security, chrooting shell doesn't do much good if you allow for things like email forwarders with the ability to pipe to programs, if you have a web server with SSI, CGI, PHP, ASP, JSP, etc. With the right permissions and set up, you should be able to allow for user's to have shell accounts without the need to jail them and not worry about user's snooping other user's files, and definitely not anything they shouldn't have access to view, run or do. This is a good point about false sense of security with chrooting shell access.

--
Regards,
Tim Greer  chatmaster@charter.net
Server administration, security, programming, consulting.


----- Original Message -----
From: "John Palmieri" 
To: "Krug, Robyn # ATLANTA" 
Cc: 
Sent: Wednesday, July 02, 2003 1:31 PM
Subject: RE: chroot

> On Wed, 2003-07-02 at 14:09, Krug, Robyn # ATLANTA wrote:


directory, BUT you can use rksh (restricted korn shell) to jail them in
their home directory.

> >

> > Hope this helps,

> >

> > -R

> Are you sure?  I use rbash and all it does is restrict commands like cd.


I can still use ls, vi, rm

> cp and other commands with absolute paths to get at files outside my home


directory.  Also

> since cd is restricted I can not cd into directories in my own home


their

> > home dirctory?

> >

> > tia,

> > cmc

Received on Thu Jul 3 01:23:57 2003

This message: [ Message body ]
Next message: Farid Hamjavar: "stats for sftp-server"
Previous message: Thomas Weißmüller: "Re: chroot"
In reply to John Palmieri: "RE: chroot"
Next in thread: Thomas Weißmüller: "Re: chroot"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:00 EDT