From: Mike Fedyk <mfedyk@matchmail.com>
To: lonnie@outstep.com
Cc: Ryan Cumming <bodnar42@phalynx.dhs.org>, linux-kernel@vger.kernel.org
Subject: Re: Special Kernel Modification
Date: Sun, 4 Nov 2001 19:04:46 -0800 [thread overview]
Message-ID: <20011104190446.B16017@mikef-linux.matchmail.com> (raw)
In-Reply-To: <3BE5D6EC.8040204@outstep.com> <E160XU3-00012T-00@localhost> <1004920141.3be5dd4db68a0@mail.outstep.com>
In-Reply-To: <1004920141.3be5dd4db68a0@mail.outstep.com>
On Sun, Nov 04, 2001 at 07:29:01PM -0500, lonnie@outstep.com wrote:
> Hello Ryan,
>
> >From what I can see. With chrooting, I have to make a complete "fake" system an
> then place the users below that into a home directory, or make a complete "fake"
> system for each user.
> The basic problem is that I did not want, for example "user2" to be able to "cd
> .." or some thing to go out of user2
>
> I was hoping to be able to accomplish this at the filesystem level somehow, and
> possibly without the need to mount the /dev/hda4 onto each /home/user/system, or
> without having to make entire copies of the chrooted environment for each user.
>
Chroot will allow you to keel a user within a certain directory tree, and as
long as you use hard links on the same FS, you won't waste much space for
each chroot...
Also, why don't you want the users to be able to see the executable
directories? They're only writable by root, right?
If you set each user's home directory to mode 0700 no other user will be
able to cd into that dir...
The real question is why do you want to split each user so much?
Mike
next prev parent reply other threads:[~2001-11-05 3:05 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-11-05 0:01 Special Kernel Modification Lonnie Cumberland
2001-11-05 0:19 ` Ryan Cumming
2001-11-05 0:29 ` lonnie
2001-11-05 1:04 ` Jan-Benedict Glaw
2001-11-05 3:04 ` Mike Fedyk [this message]
2001-11-06 0:34 ` Jorgen Cederlof
2001-11-06 0:38 ` lonnie
2001-11-05 0:22 ` Alan Cox
2001-11-05 0:39 ` Phil Sorber
2001-11-05 0:38 ` Rik van Riel
2001-11-05 1:04 ` Jeremy Jackson
2001-11-05 1:58 ` Jeff Dike
2001-11-05 2:14 ` Ryan Cumming
2001-11-05 4:02 ` Jeff Dike
2001-11-05 3:13 ` Ryan Cumming
2001-11-05 5:52 ` Jeff Dike
2001-11-05 5:30 ` Ryan Cumming
2001-11-05 14:22 ` Jeff Dike
2001-11-05 16:53 ` Andrea Arcangeli
2001-11-05 20:18 ` Jeff Dike
2001-11-05 19:05 ` Andrea Arcangeli
-- strict thread matches above, loose matches on Subject: below --
2001-11-05 0:37 John Weber
[not found] <E160aCK-0001Fs-00@localhost.suse.lists.linux.kernel>
[not found] ` <200111050552.AAA06451@ccure.karaya.com.suse.lists.linux.kernel>
2001-11-05 6:22 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20011104190446.B16017@mikef-linux.matchmail.com \
--to=mfedyk@matchmail.com \
--cc=bodnar42@phalynx.dhs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lonnie@outstep.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.