Re: Special Kernel Modification

Mike Fedyk (mfedyk@matchmail.com)
Sun, 4 Nov 2001 19:04:46 -0800


On Sun, Nov 04, 2001 at 07:29:01PM -0500, lonnie@outstep.com wrote:
> Hello Ryan,
>
> >From what I can see. With chrooting, I have to make a complete "fake" system an
> then place the users below that into a home directory, or make a complete "fake"
> system for each user.

> The basic problem is that I did not want, for example "user2" to be able to "cd
> .." or some thing to go out of user2
>
> I was hoping to be able to accomplish this at the filesystem level somehow, and
> possibly without the need to mount the /dev/hda4 onto each /home/user/system, or
> without having to make entire copies of the chrooted environment for each user.
>

Chroot will allow you to keel a user within a certain directory tree, and as
long as you use hard links on the same FS, you won't waste much space for
each chroot...

Also, why don't you want the users to be able to see the executable
directories? They're only writable by root, right?

If you set each user's home directory to mode 0700 no other user will be
able to cd into that dir...

The real question is why do you want to split each user so much?

Mike
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/