LinuxQuestions.org
11-03-2005, 07:46 AM   #1
qwerty
Member
 
Registered: Feb 2005
Location: England
Distribution: Ubuntu 5.10
Posts: 80

Setting up chroot with existing users


Hello, I'm doing a group project at uni where we need to set up a Linux box with ssh and ftp services on it for over 20 other groups. We want to use chroot so that once the users log in they cannot get any higher up the file system than their home directory.

I've found a how-to at http://www.tjw.org/chroot-login-HOWTO/ but it says that the users need to be added after the chroot process. Is it possible to use chroot with users that have already been set up, as we have already added over 20 groups and set quotas for them etc.?

Thanks
 
11-03-2005, 04:29 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,172
Blog Entries: 54

> Is it possible to use chroot with users that have already been set up as we have already added over 20 groups and set quotas for them etc.

Sure you can. Just set up the system and use a shell script to process all users and groups (or use a shell script that fills a chroot OTF; AFAIK PAM has some modules that can run scripts on login). BTW, for OpenSSH check the Chroot patch for ssh and Rssh. Might be interesting. If you run chroots it would be beneficial to check out the Grsecurity kernel patch. Even if you don't use the RBAC, you'll at least gain reinforced chroots plus extra auditing capabilities. For FTP I'd suggest using an ftpd with the best track record where security is concerned: Muddleftpd. One more thing. If you're running low on space, have a look at Busybox. It provides a lot of std binaries in one executable, and even though it does not support all binaries' arcane flags, it's matured a lot over the years, providing much more than a few yrs ago.
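
Added example, not part of the original posts: one way to do the "shell script to process all users and groups" step is to seed the chroot's own etc/passwd and etc/group from the accounts that already exist on the host. The function names, the jail layout and the UID cutoff of 1000 are assumptions, and the sample accounts are constructed.

```shell
# Added example (not from the thread). The chroot path, source files and UID
# cutoff are assumptions passed in as arguments.
# usage: sync_chroot_accounts CHROOT PASSWD_SRC GROUP_SRC MIN_UID
sync_chroot_accounts() {
    jail=$1; passwd_src=$2; group_src=$3; min_uid=$4
    mkdir -p "$jail/etc" || return 1

    # Regular accounts only (UID >= cutoff, not 65534/nobody). Force the
    # password field to "x" so no hash is ever copied into the jail.
    awk -F: -v OFS=: -v min="$min_uid" \
        '$3 >= min && $3 != 65534 { $2 = "x"; print }' \
        "$passwd_src" > "$jail/etc/passwd.new" || return 1
    [ -s "$jail/etc/passwd.new" ] || { rm -f "$jail/etc/passwd.new"; return 1; }

    # Keep a group if it is a kept user's primary group or has a kept user as
    # a member; drop members that do not exist inside the jail.
    awk -F: -v OFS=: '
        NR == FNR { user[$1] = 1; gid[$4] = 1; next }
        {
            n = split($4, m, ","); keep = ""
            for (i = 1; i <= n; i++)
                if (m[i] in user) keep = (keep == "" ? "" : keep ",") m[i]
            if (($3 in gid) || keep != "") { $2 = "x"; $4 = keep; print }
        }' "$jail/etc/passwd.new" "$group_src" > "$jail/etc/group.new" || return 1

    # Rename into place so a login never reads a half-written file.
    mv "$jail/etc/passwd.new" "$jail/etc/passwd" &&
    mv "$jail/etc/group.new" "$jail/etc/group" &&
    chmod 644 "$jail/etc/passwd" "$jail/etc/group"
}
# Constructed sample accounts (not real data), synced into a temp directory.
demo_constructed() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
group01:x:1001:1001:Group 1:/home/group01:/bin/bash
group02:$1$constructed$hash:1002:1002:Group 2:/home/group02:/bin/bash
nobody:x:65534:65534::/nonexistent:/sbin/nologin
EOF
    cat > "$d/group" <<'EOF'
root:x:0:
wheel:x:10:root
group01:x:1001:
group02:x:1002:
projects:x:2000:group01,root,group02
EOF
    sync_chroot_accounts "$d/jail" "$d/passwd" "$d/group" 1000 && echo "$d/jail"
}
```

Only passwd and group are written; the host's shadow file is never read, and root and system accounts stay out of the jail's files.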
 
  


All times are GMT -5.
