From: lonnie@outstep.com
To: Jorgen Cederlof <jc@lysator.liu.se>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Special Kernel Modification
Date: Mon, 05 Nov 2001 19:38:08 -0500 (EST)
Message-ID: <1005007088.3be730f0d6465@mail.outstep.com>
In-Reply-To: <20011106013456.B12540@ondska>

Thanks Jorgen,

I am sure that this will help as it looks like what I might need....

Thanks again,
Lonnie

Quoting Jorgen Cederlof <jc@lysator.liu.se>:

> 
> On Sun, Nov 04, 2001 at 19:29:01 -0500, lonnie@outstep.com wrote:
> 
> > From what I can see, with chrooting I have to make a complete
> > "fake" system and then place the users below that into a home
> > directory, or make a complete "fake" system for each user.
> > 
> > I was trying to find a simple solution that would allow for:
> > 
> > I was initially thinking about something like this for each user:
> > 
> > /system (real) /dev/hda4 (chrooted also)
> >       |
> >       /bin
> >       /etc
> >       /lib
> 
> chtrunk (http://noid.sf.net/chtrunk.html) can set up the namespace
> dynamically for you. Instead of creating a complete system by hand and
> running chroot, just run (you don't need to be root):
> 
>    chtrunk -s /bin /etc /lib /home/user -c program_to_run
> 
> This will give that program access to /bin, /etc, /lib and the home
> directory, but nothing more.
> 
> You can use
> 
>    chtrunk -s /bin /etc /lib /home/user /tmp=/home/user/tmp -c program
> 
> to give every user their own private /tmp.
> 
> As a bonus, the suid/sgid bits will have no effect for these users,
> which will prevent them from becoming root through buggy suid
> programs.
> 
>     Jörgen
> 
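
A present-day analogue of the chtrunk invocations quoted above, added here as an example (it is not part of the original thread and not chtrunk's own code): a shell helper that turns the same path list into bubblewrap (`bwrap`) arguments. It assumes `dest=src` means the host path `src` appears at `dest`, as the `/tmp=/home/user/tmp` example suggests; the function names and the read-only rule for paths outside the user's home are this example's own choices.

```shell
#!/bin/sh
# Added example: map a chtrunk-style path list onto bubblewrap (bwrap) options.
# Assumption: "dest=src" exposes host path src at dest inside the sandbox.

# Print one bwrap argument per line. Usage: sandbox_args USER_HOME SPEC...
sandbox_args() {
    user_home=$1; shift
    # New user and PID namespaces; bwrap also sets no_new_privs, so
    # setuid/setgid bits grant nothing inside the sandbox.
    printf '%s\n' --unshare-user --unshare-pid --die-with-parent
    for spec in "$@"; do
        case $spec in
            */../*|*/..|*/..=*)   # ".." could step out of an allowed tree
                echo "rejecting spec with '..': $spec" >&2; return 1 ;;
            /*=/*) dest=${spec%%=*} src=${spec#*=} ;;
            /*)    dest=$spec src=$spec ;;
            *)     echo "rejecting non-absolute spec: $spec" >&2; return 1 ;;
        esac
        # Hardening chosen for this example: only paths under the user's
        # own home are writable, everything else is bound read-only.
        case $src in
            "$user_home"|"$user_home"/*) flag=--bind ;;
            *)                           flag=--ro-bind ;;
        esac
        printf '%s\n' "$flag" "$src" "$dest"
    done
}

# Run PROGRAM with only the listed paths visible.
# Usage: sandbox_run USER_HOME PROGRAM SPEC...
sandbox_run() {
    user_home=$1 prog=$2; shift 2
    args=$(sandbox_args "$user_home" "$@") || return 1
    old_ifs=$IFS
    IFS='
'
    set -f            # split on newlines only, no globbing
    set -- $args
    set +f; IFS=$old_ifs
    bwrap "$@" "$prog"
}

# Equivalent of the second invocation in the mail:
#   sandbox_run /home/user /bin/sh /bin /etc /lib /home/user /tmp=/home/user/tmp
```

On current distributions a dynamically linked program usually also needs `/usr` and `/lib64` in the path list.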
