chroot
Jos Vos
jos at xos.nl
Wed Nov 19 07:25:58 UTC 2003
On Wed, Nov 19, 2003 at 01:10:03AM -0500, Justin Zygmont wrote:
> I don't understand why this command is really necessary, if you need
> chroot capability, then the safer way would be to set their shell to the
> file that contains the script.
Not true. Chroot-ing Apache, for example, means that someone
using a hole in Apache still can't do anything outside its root.
Most ftp daemons chroot internally for guest users too.
Ideally, you could run any service in a separate chroot, but setting
it up (with all the needed shared libs and tools) is non-trivial.
See <http://www.onlamp.com/pub/a/bsd/2003/01/23/chroot.html> for
an example, maybe that gives a better view of this often
underestimated UNIX feature, which has existed for ages.
--
-- Jos Vos <jos at xos.nl>
-- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204
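
What collecting "all the needed shared libs" for a chrooted service involves, as an added example that is not part of the original message: the helper names `needed_libs`, `populate_jail` and `jail_check` are hypothetical, and the script assumes `ldd` is available and that the binary is trusted.

```sh
#!/bin/sh
# Added example: populate a directory tree for use as a chroot with one
# binary and the shared libraries it links against.
# Assumption: the binary is trusted. ldd may execute code from the file it
# inspects, so do not point it at untrusted binaries.

# Print the absolute path of every library ldd reports for $1.
needed_libs() {
    # ldd prints "name => /path (addr)" for resolved libraries and
    # "/path (addr)" for the dynamic loader; entries without an absolute
    # path (vdso, "not found") are skipped. Static binaries yield nothing.
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }
        $1 ~ /^\//               { print $1 }
    ' | sort -u
}

# Copy binary $1 and its libraries into jail directory $2, keeping the
# same absolute paths so the dynamic loader finds them after chroot.
populate_jail() {
    bin=$1
    jail=$2
    [ -n "$jail" ] || { echo "usage: populate_jail BINARY JAILDIR" >&2; return 1; }
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 1; }
    mkdir -p "$jail$(dirname "$bin")" || return 1
    cp -L "$bin" "$jail$bin" || return 1
    needed_libs "$bin" | while read -r lib; do
        mkdir -p "$jail$(dirname "$lib")" || exit 1
        cp -L "$lib" "$jail$lib" || exit 1   # -L: copy the file, not the symlink
    done
}

# Return non-zero if the binary or any library it needs is absent from the
# jail. Paths containing whitespace are not supported.
jail_check() {
    bin=$1
    jail=$2
    missing=0
    for f in "$bin" $(needed_libs "$bin"); do
        [ -e "$jail$f" ] || { echo "missing in jail: $f" >&2; missing=1; }
    done
    return "$missing"
}
```

The resulting tree still lacks anything the program opens at run time (configuration files, device nodes, modules loaded with dlopen), which `ldd` cannot see.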