Re: ssh chroot on debian documentation

2004-11-02 Thread Loïc Minier
Regards, Robert Vangel <[EMAIL PROTECTED]> - Tue, Nov 02, 2004: > Can people please be more careful when creating new messages, not to hit > reply to a message then removing everything & starting again. Because it breaks the natural flow of conversation. Why is top-posting so bad? -- Loïc

Re: ssh chroot on debian documentation

2004-11-02 Thread Robert Vangel
Can people please be more careful when creating new messages, not to hit reply to a message then removing everything & starting again. This does play up with clients that follow standards and do threading through headers passed on by other compliant clients, rather than just threading as-per subjec

Re: ssh chroot on debian documentation

2004-11-02 Thread Raffaele D'Elia
-Original Message- From: Vincent Tantardini <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Tue, 2 Nov 2004 08:03:43 +0100 Subject: ssh chroot on debian documentation > Hello, > I just wrote a little documentation about how I create a chrooted > environment > for ssh

ssh chroot on debian documentation

2004-11-01 Thread Vincent Tantardini
Hello, I just wrote a little documentation about how I create a chrooted environment for ssh, you can find the doc at: http://vince.kerneled.org/files/ssh_chroot.txt Please, give me some comments about the method I adopt here. Regards, -- Vincent Tantardini <[EMAIL PROTECTED]> Kerneled openso

Re: chroot bind9 Issue

2004-09-07 Thread Felipe Augusto van de Wiel (faw)
until you find a nice //support// list. :o) :: I would like to configure bind9 with chroot on my :: debian woody. I have referred to a lot of links and based :: on that I have done the configuration. It works fine :: except some issues, when I stop bind9, I am getting :: the following error :: Stopping d

chroot bind9 Issue

2004-09-07 Thread saravanan ganapathy
Hai, I am new to this list. I already posted my issue in debian-user. But I didn't get any help. So please help me. I would like to configure bind9 with chroot on my debian woody. I have referred to a lot of links and based on that I have done the configuration. It works fine except some issues,

Re: how to check bind9 chroot

2004-03-27 Thread Michael Stone
On Sat, Mar 27, 2004 at 11:32:09PM +, Brian Brazil wrote: I assume you meant chown, not chmod but what I said holds. mkdir /LFS chroot /LFS #Pretend there's a shell etc. chown -R 0.0 * .* #There were some dotfiles This resulted in my entire directory structure being owned by

Re: how to check bind9 chroot

2004-03-27 Thread Brian Brazil
On Sat, Mar 27, 2004 at 08:25:52PM +0100, Bernd Eckenfels wrote: > In article <[EMAIL PROTECTED]> you wrote: > > Of course Linux chroot is broken. Found that out after doing chown -R 0.0 > > .. in a chroot while I was compiling LFS. (Was running SuSE 7.0 at the > > time

Re: how to check bind9 chroot

2004-03-27 Thread Michael Stone
On Sat, Mar 27, 2004 at 11:32:09PM +, Brian Brazil wrote: I assume you meant chown, not chmod but what I said holds. mkdir /LFS chroot /LFS #Pretend there's a shell etc. chown -R 0.0 * .* #There were some dotfiles This resulted in my entire directory structure being owned by root -

Re: how to check bind9 chroot

2004-03-27 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > Of course Linux chroot is broken. Found that out after doing chown -R 0.0 > .. in a chroot while I was compiling LFS. (Was running SuSE 7.0 at the > time - 2.4.19). Well linux chroot has a limited set of capabilities. Especially it does

Re: how to check bind9 chroot

2004-03-27 Thread Brian Brazil
On Fri, Mar 26, 2004 at 07:53:49PM +0200, Costas Magkos wrote: > Is there a way to test whether a chroot works? Does anyone know if the > above syslog option is really needed? According to the man page of > syslog it is needed. /proc/pid/root Of course Linux chroot is broken. Found

Re: how to check bind9 chroot

2004-03-27 Thread J.J. van Gorkum
On Fri, 2004-03-26 at 18:53, Costas Magkos wrote: [...] > Is there a way to test whether a chroot works? Does anyone know if the > above syslog option is really needed? According to the man page of > syslog it is needed. use lsof # lsof -p [pid number of bind process] check: - if t

Re: how to check bind9 chroot

2004-03-26 Thread Mark Ferlatte
to log messages after > it starts up. Since bind was logging just fine without this addition in > sysklogd startup script, I'm beginning to have doubts about the > functionality of the chroot. > > Is there a way to test whether a chroot works? Does anyone know if the >

Re: how to check bind9 chroot

2004-03-26 Thread Costas Magkos
d in order for bind to be able to log messages after it starts up. Since bind was logging just fine without this addition in sysklogd startup script, I'm beginning to have doubts about the functionality of the chroot. Is there a way to test whether a chroot works? Does anyone know if the

how to check bind9 chroot

2004-03-26 Thread Costas Magkos
ddition in sysklogd startup script, I'm beginning to have doubts about the functionality of the chroot. Is there a way to test whether a chroot works? Does anyone know if the above syslog option is really needed? According to the man page of syslog it is needed. Thanks in advance ~kmag

how to check bind9 chroot

2004-03-26 Thread Costas Magkos
ddition in sysklogd startup script, I'm beginning to have doubts about the functionality of the chroot. Is there a way to test whether a chroot works? Does anyone know if the above syslog option is really needed? According to the man page of syslog it is needed. Thanks in advance ~kma

Openssh with chroot patch for sarge

2004-03-15 Thread Emmanuel Lacour
Hi, As I saw that some people use my packages with the chroot patch for woody, and as sarge is going to be stable in a week, a month, a year or so ;-), I just want to notice that I now maintain also the "unofficial" ssh package with chroot patch for sarge. (those packages are

cvsd/grsec/chroot question

2003-07-11 Thread Arthur de Jong
Hi, I'm the maintainer of cvsd (chroot wrapper to run a cvs pserver) and I have a question about grsec. This refers to bug report #196690 [1]. I think this is the least inappropriate list to ask this question so here goes. The problem is

Re: chroot, su and sudo

2003-06-16 Thread Steve Johnson
Why not just use the start-stop-daemon prog that comes with debian? Using the --chuid and --chroot flags? I've used those to start MOHAA servers with no issues? Anyone else know if this way is actually secure? thanks, steve On Mon, 2003-06-16 at 03:22, Mario Ohnewald wrote: > He

Re: chroot, su and sudo

2003-06-16 Thread Lars Ellenberg
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote: > I want to chroot an application/gameserver. I played with pam_chroot recently... unfortunately I found not much documentation about its intended usage. whether it really suits my needs, I don't know yet. I'd like

Re: chroot, su and sudo

2003-06-16 Thread Vincent Hanquez
On Mon, Jun 16, 2003 at 10:54:54AM +0200, Mario Ohnewald wrote: > Not even with sudo? Hmm, this way it will work -- Tab

Re: chroot, su and sudo

2003-06-16 Thread Blars Blarson
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: >Hello! >I want to chroot an application/gameserver. > >What is the better/securest way? >1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh" >or >2.) "su -s /bin/sh use

RE: chroot, su and sudo

2003-06-16 Thread Mario Ohnewald
Hi, >-Original Message- >From: Vincent Hanquez [mailto:[EMAIL PROTECTED] >Sent: Monday, June 16, 2003 10:46 AM >To: Mario Ohnewald >Cc: debian-security@lists.debian.org >Subject: Re: chroot, su and sudo > > >On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohn

Re: chroot, su and sudo

2003-06-16 Thread Vincent Hanquez
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote: > Hello! > I want to chroot an application/gameserver. > > What is the better/securest way? > 1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh" > or > 2.) "su -s /bin/sh

chroot, su and sudo

2003-06-16 Thread Mario Ohnewald
Hello! I want to chroot an application/gameserver. What is the better/securest way? 1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh" or 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and execute the "start.s

Re: chroot, su and sudo

2003-06-16 Thread Vincent Hanquez
On Mon, Jun 16, 2003 at 10:54:54AM +0200, Mario Ohnewald wrote: > Not even with sudo? Hmm, this way it will work -- Tab

RE: chroot, su and sudo

2003-06-16 Thread Mario Ohnewald
Hi, >-Original Message- >From: Vincent Hanquez [mailto:[EMAIL PROTECTED] >Sent: Monday, June 16, 2003 10:46 AM >To: Mario Ohnewald >Cc: [EMAIL PROTECTED] >Subject: Re: chroot, su and sudo > > >On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote: >

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-31 Thread Manfred Wassmann
On 30 May 2003, Jarno Gassenbauer wrote: > P.S.: It's a pity that the syslogd socket is located > at /dev/log and not in an own directory. A hardlink to > /dev/log would have to be recreated after restarting > syslogd. Mount-binding the whole /dev directory into > the jail isn't fun either. You c

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-31 Thread Mark Ferlatte
Jarno Gassenbauer said on Fri, May 30, 2003 at 07:56:35PM +0200: > I'm setting up a chrooted apache. All howto's I found > _copy_ the required files into the directory that they > later chroot into. > Is it OK (read: safe) to use hardlinks and > "mount --bind"

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-31 Thread Arthur de Jong
> I'm setting up a chrooted apache. All howto's I found _copy_ the > required files into the directory that they later chroot into. > Is it OK (read: safe) to use hardlinks and "mount --bind" instead? [snip] > The

"chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-31 Thread Jarno Gassenbauer
Hi, I'm setting up a chrooted apache. All howto's I found _copy_ the required files into the directory that they later chroot into. Is it OK (read: safe) to use hardlinks and "mount --bind" instead? For example, before doing # chroot /usr/chroot/apache /usr/sbin/apachect

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-30 Thread Manfred Wassmann
On 30 May 2003, Jarno Gassenbauer wrote: > P.S.: It's a pity that the syslogd socket is located > at /dev/log and not in an own directory. A hardlink to > /dev/log would have to be recreated after restarting > syslogd. Mount-binding the whole /dev directory into > the jail isn't fun either. You c

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-30 Thread Mark Ferlatte
Jarno Gassenbauer said on Fri, May 30, 2003 at 07:56:35PM +0200: > I'm setting up a chrooted apache. All howto's I found > _copy_ the required files into the directory that they > later chroot into. > Is it OK (read: safe) to use hardlinks and > "mount --bind"

Re: "chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-30 Thread Arthur de Jong
> I'm setting up a chrooted apache. All howto's I found _copy_ the > required files into the directory that they later chroot into. > Is it OK (read: safe) to use hardlinks and "mount --bind" instead? [snip] > The

"chroot" + "mount --bind" + "ln" _or_ "chroot" + "cp -a"?

2003-05-30 Thread Jarno Gassenbauer
Hi, I'm setting up a chrooted apache. All howto's I found _copy_ the required files into the directory that they later chroot into. Is it OK (read: safe) to use hardlinks and "mount --bind" instead? For example, before doing # chroot /usr/chroot/apache /usr/sbin/apachect

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Domainbox, Tim Abenath
http://httpd.apache.org/docs-2.0/mod/perchild.html I tried that one, but the child-processes directly died. As it says, work is ongoing to make it functional.

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Paul Hampson
On Wed, Mar 19, 2003 at 02:35:53PM +0100, Ralf Dreibrodt wrote: > Paul Hampson wrote: > > > > You can effectively chroot php files with: > > php_admin_value open_basedir /directory/where/files/are > > in the Apache virtual host config. Then: > > a) php4 won'

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Domainbox, Tim Abenath
http://httpd.apache.org/docs-2.0/mod/perchild.html I tried that one, but the child-processes directly died. As it says, work is ongoing to make it functional.

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Ralf Dreibrodt
Paul Hampson wrote: > > You can effectively chroot php files with: > php_admin_value open_basedir /directory/where/files/are > in the Apache virtual host config. Then: > a) php4 won't let files outside that directory be accessed; No: - Hard links - Commands executed with

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Paul Hampson
> - chrooting virtual hosts in apache ? > - running multiple instances of apache > - some kind of security system with users and groups > - using directory settings ? You can effectively chroot php files with: php_admin_value open_basedir /directory/where/files/are in the Apache virtual ho

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Paul Hampson
On Wed, Mar 19, 2003 at 02:35:53PM +0100, Ralf Dreibrodt wrote: > Paul Hampson wrote: > > > > You can effectively chroot php files with: > > php_admin_value open_basedir /directory/where/files/are > > in the Apache virtual host config. Then: > > a) php4 won'

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Ralf Dreibrodt
Paul Hampson wrote: > > You can effectively chroot php files with: > php_admin_value open_basedir /directory/where/files/are > in the Apache virtual host config. Then: > a) php4 won't let files outside that directory be accessed; No: - Hard links - Commands executed with

Re: Apache Virtual Hosts Chroot ?

2003-03-19 Thread Paul Hampson
ts in apache ? > - running multiple instances of apache > - some kind of security system with users and groups > - using directory settings ? You can effectively chroot php files with: php_admin_value open_basedir /directory/where/files/are in the Apache virtual host config. Then: a) php4 wo

Re: chroot environment for ssh...

2003-03-16 Thread Arnaud Fontaine
Hello, I have done again my chroot environment for ssh cleanest. I have had the same error as before so I look after problem in my /etc/passwd and /etc/group files. I have modified these files : # /etc/passwd sshd:x:100:65534::/var/run/sshd:/bin/false me:x:101:100:,,,:/home/me/./:/bin/bash

Re: chroot environment for ssh...

2003-03-15 Thread Alain Tesio
On Sat, 15 Mar 2003 20:24:04 +0100 Arnaud Fontaine <[EMAIL PROTECTED]> wrote: > Hello everybody, > > I have installed a chroot environment on my web server under a Debian Woody in > /var/services/chroot/sshs. > > /etc/passwd : > sshd:x:100:6553

chroot environment for ssh...

2003-03-15 Thread Arnaud Fontaine
Hello everybody, I have installed a chroot environment on my web server under a Debian Woody in /var/services/chroot/sshs. I have followed this documentation : http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html I have used the makejail method to do this. Ssh inside

Re: Apache Virtual Hosts Chroot ?

2003-02-25 Thread Victor Calzado Mayo
Hi You may find useful the apache's suEXEC wrapper, it can be configured to be used inside a virtualhost... http://httpd.apache.org/docs/suexec.html This won't work with php scripts if you have mod_php.so loaded ( the php interpreter will run as a

Re: Apache Virtual Hosts Chroot ?

2003-02-25 Thread Martynas Domarkas
I think you can setup chrooted logins for uploading files: your chroot will run sshd (proftpd?) and users will have their homes in chroot too. Play with home directory permissions so they have no possibility access files they don't own. Another way is let people upload files to other location

Re: [d-security] Apache Virtual Hosts Chroot ?

2003-02-25 Thread Christian Hammers
Hello On Tue, Feb 25, 2003 at 10:15:15AM +0100, debian-isp wrote: > - chrooting virtual hosts in apache ? We had great success with a tiny tool called sbox. All CGI/PHP requests are rewritten to "/cgi-bin/sbox?..." This sbox then looks to the files owner and changes its uid to the one (if it's

Apache Virtual Hosts Chroot ?

2003-02-25 Thread debian-isp
Hi all ! I am just asking myself how to secure our webserver with a couple of virtual hosts. Currently we have a large installation of typo3 running. It has a feature called fileadmin with which you can easily upload files. As it is thereby possible to upload php scripts and execute via the b

Apache Virtual Hosts Chroot ?

2003-02-25 Thread debian-isp
Hi all ! I am just asking myself how to secure our webserver with a couple of virtual hosts. Currently we have a large installation of typo3 running. It has a feature called fileadmin with which you can easily upload files. As it is thereby possible to upload php scripts and execute via the br

Re: LIDS vers. chroot

2003-02-05 Thread John Morton
On Wed, 05 Feb 2003 20:14, Benjamin Schuele wrote: > I would like to initiate a discussion about LIDS and chroot to setup a > secure server. In my opinion, a good customized LIDS is more reliable and > usable than chroot because of these reasons: > > Time to set up > It took a

Re: LIDS vers. chroot

2003-02-05 Thread Ralf Dreibrodt
Hi, > Benjamin Schuele wrote: > > I would like to initiate a discussion about LIDS and chroot to setup a > secure server. I prefer the solution to use chroot _with_ LIDS. Make everything you would do without chroot and chroot the process (e.g. bind, apache, etc.). Remove the CAP_SYS

LIDS vers. chroot

2003-02-05 Thread Benjamin Schuele
I would like to initiate a discussion about LIDS and chroot to setup a secure server. In my opinion, a good customized LIDS is more reliable and usable than chroot because of these reasons: Time to set up It took a lot of time to get one program running in a chroot environment, and unsualy

LIDS vers. chroot

2003-02-04 Thread Benjamin Schuele
I would like to initiate a discussion about LIDS and chroot to setup a secure server. In my opinion, a good customized LIDS is more reliable and usable than chroot because of these reasons: Time to set up It took a lot of time to get one program running in a chroot environment, and unsualy

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Indra Kusuma
On Tue, Oct 22, 2002 at 11:10:56PM +0200, Alain Tesio wrote: # > there's also another one called jailer, but if you want to secure your # > system, then you have to know well about it, use strace,lsof,mknod,ldd # > and mount command to create chroot jail system manually. # # These are the

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Alain Tesio
her one called jailer, but if you want to secure your > system, then you have to know well about it, use strace,lsof,mknod,ldd > and mount command to create chroot jail system manually. These are the commands makejail uses (I'm the author), except lsof. Any interest to use lsof ? Is there any

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Indra Kusuma
o secure your system, then you have to know well about it, use strace,lsof,mknod,ldd and mount command to create chroot jail system manually. Cheers, Indra Kusuma -- ,''`. Indra{@,.}Kusuma.OR.ID -> [Security - Debian/GNU Linux - IPv6] : :' : 0x4D829E49 - 187D 8C98 FB76 E1A8 5558 853A 4795 4FC1 4D82 9E49 `. `' `-

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Indra Kusuma
o secure your system, then you have to know well about it, use strace,lsof,mknod,ldd and mount command to create chroot jail system manually. Cheers, Indra Kusuma -- ,''`. Indra{@,.}Kusuma.OR.ID -> [Security - Debian/GNU Linux - IPv6] : :' : 0x4D829E49 - 187D 8C98 F

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Alexander Neumann
Javier Fernández-Sanguino Peña wrote: > Funny, it's the same 'makejail' does. Does jailtool know about > Debian packages? One of the nice things about 'makejail' is that it will > automatically take package dependencies as source of information on which > files to put in the 'jail'. Yes, ja

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread jgarcian
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=jailtool&searchon=names&subword=1&version=all&release=all Jordi > > * Chroot > > > > The linux system call to jail a subtree. > > > > Has to be created and maintained man

Re: Securing Apache: vserver or chroot ?

2002-10-22 Thread Javier Fernández-Sanguino Peña
On Sat, Oct 19, 2002 at 01:29:40PM +0200, Alexander Neumann wrote: > Hi Jesus, > > Jesus Climent wrote: > > * Chroot > > > > The linux system call to jail a subtree. > > > > Has to be created and maintained manually. > > You can try 'jail

[OT: humour] Re: Securing Apache: vserver or chroot ?

2002-10-20 Thread Peter Cordes
On Sat, Oct 19, 2002 at 01:29:40PM +0200, Alexander Neumann wrote: > Hi Jesus, > > Jesus Climent wrote: > > * Chroot > > > > The linux system call to jail a subtree. > > > > Has to be created and maintained manually. > > You can try 'jail

Re: Securing Apache: vserver or chroot ?

2002-10-19 Thread Alexander Neumann
Hi Jesus, Jesus Climent wrote: > * Chroot > > The linux system call to jail a subtree. > > Has to be created and maintained manually. You can try 'jailtool', if you like: $ apt-cache show jailtool [...] Description: Tool to build chroot-jails for daemons. Jailtoo

Securing Apache: vserver or chroot ?

2002-10-18 Thread Jesus Climent
provides a set of tools to work with them (even to create them). * Chroot The linux system call to jail a subtree. Has to be created and maintained manually. If anyone has experience with the solutions introduced above or has another kind of suggestion... The other problem is how to prepare

Re: bind8+chroot step by step howto

2002-03-18 Thread Alvin Oga
chrooted in Debian Potato. > >Check it at http://people.debian.org/~pzn/howto/chroot-bind.sh.txt > >If you have some comments, please send them to me, so I can improve > the howto. If you don't think the comments will be useful for this > list, then send me PTV m

Re: bind8+chroot step by step howto

2002-03-18 Thread fenux
I've done the same thing yesterday, but I'm not what most of you call a real admin (I just like messing around in *nix). what I did, and I don't know if it is a good or even secure or correct way, is: 1) 'mount -o bind'-ed the /etc/bind to the /etc/bind in the chroot

Re: bind8+chroot step by step howto

2002-03-18 Thread Alvin Oga
> chrooted in Debian Potato. > >Check it at http://people.debian.org/~pzn/howto/chroot-bind.sh.txt > >If you have some comments, please send them to me, so I can improve > the howto. If you don't think the comments will be useful for this > list, then send me PTV m

bind8+chroot step by step howto

2002-03-18 Thread Pedro Zorzenon Neto
Hi Folks, I wrote a simple step by step howto to help people to setup bind8 chrooted in Debian Potato. Check it at http://people.debian.org/~pzn/howto/chroot-bind.sh.txt If you have some comments, please send them to me, so I can improve the howto. If you don't think the comments

Re: chroot

2001-10-07 Thread Christian Jaeger
Ok, I see, seems like the kernel(s) should forbid to use the chroot syscall again if a process has already a changed root. :-) Or better maybe introduce a chroot capability? Hmmm.. there IS a chroot capability in linux2.4 as listed in include/linux/capability.h! So it seems at least under

Re: chroot

2001-10-07 Thread Alan Shutko
Alan Shutko <[EMAIL PROTECTED]> writes: > It was really talking about syscalls, not commands. While the chroot > command (chroot(3)) changes the working dir to the chrooted tree, the > syscall does not. For more discussion of this, see http://www.bpfh.net/simes/computing/ch
