Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Can you explain how your process views parent folders? Are you using some tricks, maybe hardlinks (they are not "jailed"), or just normal operation? chroot is not very secure if you want a separate environment for your process.
Maybe you will be interested in lxc (Linux containers), which has better separation from the real system and is more configurable.
I use a simple C or shell program that will list the parent folder.
I mean, for example, in a shell script:
Code:
ls ../ # Here the hacker can view all the files that he shouldn't be able to view
But yes, I'll take a look at lxc.
But is it good for hosting?
Because what I want to do is to host some friends (3~4), so I don't want to have many users, groups, etc. for each friend to host.
So, something is wrong here. Are you sure your program is running inside a chroot? Can you copy and paste here your chroot command and its output?
Quote:
But is it good for hosting?
Sorry, but I don't know what you mean by "hosting". It is generally better than chroot, but also more complicated (it needs preparation, proper permissions, a correct kernel). You should read about it, but I think that chroot will be sufficient for you, once you finally solve this problem.
Maybe you need to change directory to "/home/usr/xxx" before chroot; this is necessary for chroot to work properly. But I always thought that this is done by the "chroot" command. Check this. Also, can you write what distribution and version you have?
If you need one line, use semicolons ";" to separate commands, or make a script for this.
getpwuid() can't identify your account!
How can I make it identify my account?
Sorry, I don't know what this message means. Probably you did not copy sufficient data to the chroot environment (/etc/passwd, /var/log/utmp, /dev... etcetera). Anyway, why do you use "screen" if you only want to run a game server?
Quote:
But here, all the cmds after chroot . aren't called.
This will not work as you expect. When you execute chroot, the shell or other program is started and chroot waits for it. After it quits, the next lines of the script will be executed. So you must run your program as the chroot argument.
Quote:
I made a bash script:
#!/bin/bash
cd /home/my/repertory
chroot . ./my_process
This doesn't work. My screen closes instantly after being started.
You did not mention this and I don't know now. Can you specify: does this script work without "screen"? And do you only have a problem with screen executed in the chrooted environment?
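A pre-flight check of a chroot tree for the two things this thread turns on: a passwd entry that `getpwuid()` can find inside the jail, and a program path that exists relative to the new root. This is an added example, not part of any post above; the function name `check_jail`, the uid values and the sample passwd line are made up for illustration.

```shell
#!/bin/sh
# check_jail JAIL UID PROG
# Prints each problem found; returns 0 only if the jail looks usable.
check_jail() {
    jail=$1; uid=$2; prog=$3; problems=0

    if [ ! -d "$jail" ]; then
        echo "jail directory missing: $jail"
        return 1
    fi

    # After chroot, getpwuid() reads /etc/passwd *inside* the jail,
    # so the account must be listed there, not only on the host.
    if [ ! -r "$jail/etc/passwd" ]; then
        echo "no etc/passwd inside jail"
        problems=$((problems + 1))
    elif ! awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' \
            "$jail/etc/passwd"; then
        echo "uid $uid has no entry in jail etc/passwd"
        problems=$((problems + 1))
    fi

    # "chroot . ./my_process" resolves the program under the new root.
    if [ ! -x "$jail/$prog" ]; then
        echo "program not executable inside jail: $prog"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway jail whose passwd lacks uid 1001
# and which contains no my_process binary.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
echo 'game:x:1000:1000::/:/bin/sh' > "$demo/etc/passwd"
check_jail "$demo" 1001 my_process || echo "jail not ready"
rm -rf "$demo"
```

A dynamically linked program also needs its shared libraries and loader copied into the jail, which this check does not cover.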