Eken

Chrootjail

This topic is 4813 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.


I am configuring a server right now and security is the current step. At first I was trying to have /bin/rbash instead of /bin/bash for every user so their account was very limited. I made it so their home dir was /home/user/public_html, but when I tried to access their home site through http://ip/~user I couldn't see their stuff. Now I heard that a chroot jail was an alternative to rbash. Does someone here know where I can get a good manual on chroot, or can someone explain how to do it?

Read the OpenBSD manuals for Apache; it does a chroot jail by default, so it's a good place to start.

Eken,

Another option would be looking into using jails (that is for FreeBSD, but Linux has something very similar, but alas I forget what it's called). Just a brief overview: a jail is basically an entire OS running inside another OS. It's really ideal to use something like this for a couple of major reasons: they can crack the su password for the jail, but they still won't have root for the main machine (i.e. layers to get to the root machine); if it does get hacked and fubared, just restart the jail; also, it's practically impossible to get root on the physical machine from a jail; you can create multiple jails, so you can have one jail with your Apache server, and another one running a mail server, etc. The only difference I know of between FreeBSD's jails and the Linux brand is that in FreeBSD you can run any kernel less than the one on the current machine. This is very cool, and I'll give you a for instance: if you originally had a server running the very stable 4.x branch, you can create a jail and have this perform appropriately. If you want to update to 5.x, you can create another jail (and since it has its own IP address, you can configure your setup so the two don't conflict but you can still test) and have it run 5.x and set up that portion of the server appropriately. The documentation for it is all in the handbook and it's pretty simple to understand.

-brad
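
The one-jail-per-service layout described in the reply above, sketched as a FreeBSD jail.conf(5) file. This is an added example, not part of the original post; the jail names, paths, hostnames and addresses are constructed, and it assumes a FreeBSD release that supports jail.conf and a host interface that already carries both addresses.

```conf
# /etc/jail.conf (constructed example)
# Settings outside any block apply to every jail defined below.

exec.start = "/bin/sh /etc/rc";           # boot the jail's own userland
exec.stop  = "/bin/sh /etc/rc.shutdown";  # clean shutdown on "jail -r"
exec.clean;                               # do not inherit the host environment
mount.devfs;                              # give each jail its own /dev
devfs_ruleset = 4;                        # devfsrules_jail: restricted device nodes

path          = "/usr/jails/$name";       # each jail gets its own root tree
host.hostname = "$name.example.org";      # hypothetical domain

# Hardening applied to both jails.
securelevel = 3;          # run the jail at the highest securelevel
enforce_statfs = 2;       # hide host mount points from the jail
children.max = 0;         # no nested jails
allow.noraw_sockets;      # no raw sockets (also disables ping inside the jail)
allow.nomount;            # jailed root cannot mount file systems
allow.noset_hostname;     # jailed root cannot change the hostname

# One jail per service, each bound to its own address, so a compromise
# or rebuild of one does not touch the other or the host.
www {
    ip4.addr = 192.0.2.10;   # documentation-range address, Apache jail
}

mail {
    ip4.addr = 192.0.2.11;   # documentation-range address, mail jail
}
```

With this file in place, `jail -c www` starts one jail and `jail -r www` stops it, leaving the `mail` jail and the host running.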
