Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I've searched and searched and this seems like such a common need - so many people looking for a solution and no good answer.
I want to let users log in to a shell account, but I don't want them to be able to move out of their home directory.
I've tried jailkit and makejail, to no great success. I am running fedora core 2.
If I have users tom, dick, and harry and their home directories are:
I would prefer to be able to keep tom from making it out of his directory, dick from his, harry from his.
I am willing to give them all access to /home as their root. I would prefer NOT having to move all the sbin binaries to their directories so they can run things.... I just don't want them to browse the system. I feel like if I use this method I will leave something out that is needed or create another hole.
If this is a complete impossibility - is there a good way to create a "machine within a machine" where users *could* login and have access to an entire filesystem that runs seemingly independent of the main system?
thanks in advance, I've been fighting with this for days.
Last edited by coloradopaul; 09-16-2004 at 10:37 PM.
Have you tried the Jail Chroot Project. It has a utility that automagically copies over any needed bins and libs for most standard user utils, though you still have to copy over any additional special software with the addjailsw utility. It's fairly easiy to setup and configure as well.