Subject: Re: chroot(2)
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 10/05/1998 08:48:03
On Oct 4, der Mouse wrote
> Not necessarily true. If you've set up a shadow system (say you're
> testing a new userland), you may have some services in inetd set up to
> chroot to the new tree before running their daemons...in which case you
> more or less *need* the new system to behave as much like a real system
> as possible, including having set-id binaries work.
YES ! On my firewall, I run inetd in a chrooted env (with limited /dev,
limited binaries, etc ... of course all chflag'ed, kernel security level
is 2). This way, all network users have a limited environement. But I want,
when I log in from the network, to be able to su. I don't want to have to go
to the console to update /chroot/etc/master.passwd !
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr