Hi Guys,

I'm looking for a way to have my users log in to my server (Cetos 5) and get a secure shell in which they could compile their own code, with as less privileges granting as possible.
A sort of sandbox for them to write in...
Now I've heard of chroot, and I'd like to know if anyone has tried it for this sort of purpose, and of course any other ideas will be much appreciated.

Thanks a lot,
Johnny

Just have them compile their own code, within their own home directories.
Maybe they'll have to add /home/username/bin/ to their $PATH if they would like an easy life. But that's up to them.

This is the way linux is set up as the default behaviour: Any user can compile and install (to their ~/* ) anything, but they cannot install it to the system, or have it seen or executed by other users unless they have root privileges.

So all users should already be in a "sandbox" unless you have granted them further privileges or messed about with your default installation.

You do not need chroot and I think you do not understand the purpose of chroot

Please read about it.

0 members found this post helpful.

ditto above

They just need to login. Problem solved

0 members found this post helpful.

Hi,

I have found a great article about the chroot command. Maybe it's helpful for you.
Here it is: http://unixwiz.net/techtips/chroot-practices.html
If you need general help with Linux, give http://www.tldp.org/ a try.

Greetings,

invalidid

1 members found this post helpful.

OK, what I forgot to write is that the code that we write requires root permissions to run, and all of our developers need to run it after working on it.
So the question still stands:
I need an environment that I can give my users root permissions but yet not really give them root to all of the server.
So ?

Thanks,
Johnny

Looks like you need to use sudo to give them permissions for just that program.

If they're writing the code, forget it. They can break out anytime they want...
If you can't trust them, either buy some cheap boxes for them to work on, or create a VM for each Dev.

whats the smallest distro I can give them on each VM box ?
and no ideas other then VM the whole box?

Thanks,
Johnny

Have you considered VMWare? I'm thinking, create a virtual machine on a server for each developer, and give that developer root privileges to that virtual machine. They can run the program there to test it, and it will do whatever it's designed to to IN THAT VIRTUAL MACHINE, but it will not be able to affect the hosting server or any other virtual machine on that server.

Why not run the server as a code repository and have then develop the code on their own hosts?

VMs are a decent solution, provided you do the proper capacity planning. Just slapping a bunch of VMs on a piece of hardware can result in some serious performance problems if you haven't bothered to figure out how hard the VMs are going to be used.

Unless there is some reason to run the code on a specific box, I think this is my favorite solution.

Well first, about the VM, what sort of planning do you mean?
Second, about developing on their own host, we do not allow to have the code on the local box.

Still, goes to the former question: what is the most basic distro to run for development (c++,java) on the VM?

I mean that you need to look into how many VMs your hardware can support without running into unacceptable performance issues. Each VM will require RAM, disk space and CPU cycles. One of the places I work has a tendency to just stand up VMs regardless of how many are already running on a given bit of hardware. The result is that all of the VMs are largely useless because each one doesn't get enough RAM or CPU time. VMs are good at maximizing hardware usage, but they also make it much easier to max out hardware.


I don't think it really matters as the most common/popular distros are all going to be more or less the same. I'd put more emphasis on what distro you're more comfortable managing or which one your developers are more comfortable using.