[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[K12OSN] Re: K12OSN Digest, Vol 37, Issue 45





Subject:
Re: [K12OSN] chroot
From:
Les Mikesell <les futuresource com>
Date:
Wed, 21 Mar 2007 12:54:03 -0500
To:
"Support list for open source software in schools." <k12osn redhat com>
To:
"Support list for open source software in schools." <k12osn redhat com>

xmechanic wrote:

Thank you for your replys.  The way the file system was laid out, I was under the impression that the users would be chrooted into the /opt/ltsp/i386 directory. I'm still a little hazy on the concept of why a terminal user would be able to move to directorys above /opt/ltsp/i386, since that's the only directory that's 'exported', besides the r/o fonts directorys in /usr/** & the swap files Also, in the issue with version 6.0 not working, I tried disabling SElinux and when I did, it evidently broke something, because the system then took like 15 minutes to boot after that. I know files need to be relabeled on reboot, but this was every reboot thereafter, so I finally sidelined it and eventually re-installed the system with Ver. 5.0.  I would still like to know if there is an easy way to chroot a user to his/her directory, yet still be able to access all programs, etc. Thanks again for your help!

No, you can't chroot and still execute programs you can't access. Is there some reason you want a chroot environment?   Multiuser unix systems have worked this way for decades even in hostile environments like schools without many problems.
Thanks Les,
  I was just working on the principle that if they can't 'see' the directories above their own, they wouldn't be of any interest. As long as they aren't writable by a particular user, I guess it's not an issue. In the meantime, I'm working on 'user templates', adding and subtracting menu items and desktop arrangements to suit different user groups and grade levels, so that when I create a new user, say for the 'ElemStudents' group, I can just re-name the directory and drop the complete directory structure into the /home folder and all the correct programs and settings are already set. :-) Just another little time saver.

Dave Land
Land Computer Service
-- 
TARDIS Express, When it absolutely, positively *has* to arrive before you mail it.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]