Re: chroot-ing users coming in via SSH and/or SFTP?
At 03:19 PM 12/20/2004, Nigel Houghton wrote:
>Take a look at the Jail project, you'll find it here...
>
> http://www.jmcresearch.com/projects/jail/
>
>..and in ports/sysutils/ along with some other jail tools, it may
>provide some of the features you are looking for.
Looks useful. (Shame it's GPLed.) In any case, it seems to me that
creation of a jail the way this tool does it (and the way most people
have to do it in general) requires a lot of redundant copies of files.
Wouldn't it be neat if there were a type of link (not quite soft, not
quite hard; call it "firm") that would let you link to the current
master copies of executables (rather than copying them) but not
let the inmates out of their jails? Hard links have the disadvantage
that they're broken when you upgrade an executable; soft links can't
be used because, well, you're in a jail. The type of link I have in
mind would be symbolic but resolved by the system behind the scenes;
from inside the jail it wouldn't look like a link.
--Brett
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 7 之 9 篇):