Re: chroot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Nov 19, 2003 at 01:10:03AM -0500, Justin Zygmont wrote:

> I don't understand why this command is really necessary, if you need 
> chroot capability, then the safer way would be to set their shell to the 
> file that contains the script.  

Not true.  Chroot-ing Apache, for example, makes that someone
using a hole in Apache still can't do anything outside its root.
Most ftp daemons chroot internally for guest users too.

Ideally, you could run any service in a separate chroot, but setting
it up (with all the needed shared libs and tools) is non-trivial.

See <http://www.onlamp.com/pub/a/bsd/2003/01/23/chroot.html> for
an example, maybe that gives a better view of this often
underestimaded UNIX feature, existing since ages.

-- 
--    Jos Vos <[email protected]>
--    X/OS Experts in Open Systems BV   |   Phone: +31 20 6938364
--    Amsterdam, The Netherlands        |     Fax: +31 20 6948204




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux