Grzegorz 'Silk' Sobański wrote:

> Ok, i have that now, in user dir he has /bin an hardlinks
> to binaries.

Hardlinking is probably not a good idea.  You want actual separate
copies of only the binaries that are necessary for all functions to be
run within the chroot() jail.  The whole point is to de-couple that
space from the rest of the filesystem as much as possible.

> But I don't know what user should be owner of that /bin
> I can set it to that user, but he could accidentialy remove
> that directory, and maybe something else stupid :)
>
> Or I can set it to some "master" user - "jail". He would
> then own all /home/XXX/bin direcotries.
>
> And I don't know which one is better for security resons?

The way I've seen chroot() jails set up before, they keep the ownerships
(and permissions) of the original files, as applicable.

--
Devin L. Ganger