I'm running Red Hat 9. Along with vsftpd, I'm running httpd, samba, and a telnet server. I have certain hard disks just for the samba shares. What I wanted to do was make links in my users' home dirs to allow them to get to these shares.
Right now, everyone is chrooted to their home dirs for security reasons. I refuse to even think about letting them out.
The other option I found was to just change their home dir to these shares. Personally, I think this is retarded and lazy. It doesn't solve the problem if you have multiple shares, and it forces everyone into one big orgy of files that may belong to other users.
From what I read, because I chrooted all users to their home dir, I can't use sym links to give them access to other folders.
How do I give users the ability to go to other folders that aren't actually in their home? Thank you all for your time.
Well, the reason I use telnet is so that if I need to access my server settings (god forbid) I can do it on the fly without the need to download an ssh client (I don't know that much about ssh, and from what I've seen, you need a client to connect... correct me if I'm wrong). How else can I keep a user trapped in a home dir and give them access to other files such as my mnt dir? Is there any way to trap a user in a dir without chroot then?
Oh, and btw (not to be rude)... just telling me that what I want to do is against chroot isn't really that helpful. It solves nothing and leaves me with nothing that will help me solve this problem. I wish that the feedback had been a little better, i.e. "that's against chroot, but you can..." or "well, the alternative would be..." It's totally useless to just post "oh, that won't work" if you don't give any direction.
One clear answer: type putty in google, download the putty ssh client, and use it.
It is just like telnet, but encrypted. Putty is a simple executable, small, and easy to use. And there is usually an ssh client and server on every Linux distro, installed by default. I don't think there is a good reason to use telnet, especially for admin tasks, where you must log in as root.
Second answer: chrooting is allowing a user to see only his chroot and below. He has not even the knowledge of the rest.
I don't want to be rude either, but we don't waste our time telling people that something is impossible. If we had known any solution, we would have told you.
Saying that it is against chroot's definition is a simple and gentle way to say that it is not feasible, considering the facts you provided us with and whatever other facts that we could have thought of.
Well, I think I made it clear what I want to do. I want the user to be kept in a certain dir, while allowing them access to certain folders outside of their home dir. Is there any way to do this (whether it uses chroot or not)? The reason I'm asking is because while on other ftp sites (mainly those who distribute Red Hat Linux), I noticed that some of the folders aren't really folders, but some type of shortcut or link. I find it hard to believe that the concept of what I'm describing is totally feasible.
So what you are saying is that you want the User to *ONLY* have access to their home directories, but you want them to *ALSO* have access to samba shares.
What you are asking for is impossible under chroot. Chroot makes it so that all the filesystem a user sees is the jail; reaching beyond the jail is not allowed, which is why a symlink won't work.
However, what you want is user security while allowing access to certain files:
You can just do a hell of a job securing your regular filesystem Hierarchy, really limit what a user can see and do.
You can run samba and a simplified version of the dir hierarchy in your chroot environment.
You can run a Usermode Linux kernel/system so your users don't directly log into your system; they log into a virtual system. Security is better than chrooting, and you could run samba on the same virtual machine, giving access.
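Added example (not part of any post in this thread): a small Python model of the path lookup a chrooted process gets, showing why a symlink from a jailed home directory to a share outside it dangles. The directory names (`alice`, `/mnt/share`, `docs`) are constructed for the illustration, and `resolve_in_jail` is a hypothetical helper that only models the lookup rules; it does not call chroot(2).

```python
import os
import tempfile

def resolve_in_jail(jail, path, max_links=40):
    """Model the lookup of `path` by a process chrooted to `jail`.

    Returns the host path reached, or None if the name does not exist inside
    the jail. Hypothetical helper: it models the rules, it does not chroot.
    """
    jail = os.path.realpath(jail)
    pending = [p for p in path.split("/") if p]
    current = []  # resolved components below the jail root
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if current:  # ".." at the jail root stays at the jail root
                current.pop()
            continue
        host = os.path.join(jail, *current, part)
        if os.path.islink(host):
            max_links -= 1
            if max_links < 0:  # symlink loop
                return None
            target = os.readlink(host)
            if target.startswith("/"):  # absolute target restarts at jail root
                current = []
            pending = [p for p in target.split("/") if p] + pending
            continue
        if not os.path.lexists(host):
            return None
        current.append(part)
    return os.path.join(jail, *current)

def demo():
    """Build a constructed layout in a temp dir and test four names."""
    with tempfile.TemporaryDirectory() as host_root:
        jail = os.path.join(host_root, "home", "alice")
        os.makedirs(os.path.join(host_root, "mnt", "share"))  # outside jail
        os.makedirs(os.path.join(jail, "docs"))               # inside jail
        os.symlink("/mnt/share", os.path.join(jail, "share"))
        os.symlink("../../mnt/share", os.path.join(jail, "up"))
        os.symlink("docs", os.path.join(jail, "mydocs"))
        names = ("docs", "mydocs", "share", "up")
        return {n: resolve_in_jail(jail, "/" + n) is not None for n in names}

if __name__ == "__main__":
    print(demo())
```

Both links that aim at the share fail because the absolute target is looked up under the jail root and `..` cannot climb past it, while the link that stays inside the jail resolves normally.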
I'd like to be able to do what bstempi is describing also. However, I've been studying the problem for a couple of days now and I have pretty much reached the same conclusions skwirlmaster put forth. So why am I posting, you might ask?
Well, this discussion reminds me of an itching, burning sensation that's been troubling my mind. Reading the vsftpd.conf man page, it says that chrooting users is a security risk. To me (yes, I'm a *nix novice), this is counter-intuitive. I would think 'jail'ing or locking a user into their home directory so that they can access nothing else... is pretty darn secure. Can someone explain how chroot-jailing users is a security risk? TIA!