On Sun, 20 Aug 2000, Robert Waldner wrote:
> I have a bunch of luser-accounts on one of my boxes, what I want is to
> restrict them to their home-dir, with only very special exceptions.

You probably want to use rsh, the restricted shell (as opposed to rsh the remote shell).

> Any hints? iirc there is a way to set the root-dir to some other than /
> , but what's the command/utility for that?

chroot. But chroot removes the entire portion of the filesystem above where you chrooted to, so your chroot environment has to have its own /usr/bin, its own libraries, its own /etc files... it has to be a fully functioning system in its own right. The most common use for chroot is for anonymous FTP, which is probably the very minimum chroot environment that works. Chroot doesn't guarantee security, as setuid programs within the chroot environment can still give root access, and users can still communicate with non-chroot processes normally. And it is not trivial, but usually pretty easy, for someone getting root access within a chroot "jail" to get out of it again. The restricted shell can allow you to control precisely what a user does, which can provide a different sort of security.
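
A defender-side check for the two chroot points in the message above (the jail has to carry its own files, and setuid programs inside it remain a path to root), as an added example that is not part of the original post. The function names and the list of required paths are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: audit a chroot tree before putting accounts in it.
# Function names and the required-path list are assumptions, not from the post.

# Print every setuid or setgid regular file under the jail, one per line.
# These are the programs that can still hand out root from inside the jail.
jail_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Print each required path (given as it would appear inside the jail,
# e.g. /bin/sh) that the jail does not carry its own copy of.
jail_missing() {
    jail_root=$1; shift
    for p in "$@"; do
        [ -e "$jail_root$p" ] || printf '%s\n' "$p"
    done
}

# Run both checks; return 0 only if the jail has no setuid/setgid files
# and contains every required path.
jail_audit() {
    audit_root=$1; shift
    rc=0
    setid=$(jail_setid_files "$audit_root")
    if [ -n "$setid" ]; then
        printf 'setuid/setgid files in %s:\n%s\n' "$audit_root" "$setid"
        rc=1
    fi
    missing=$(jail_missing "$audit_root" "$@")
    if [ -n "$missing" ]; then
        printf 'paths missing from %s:\n%s\n' "$audit_root" "$missing"
        rc=1
    fi
    return "$rc"
}

# Usage: sh jail_audit.sh /path/to/jail /bin/sh /etc/passwd /lib
if [ "$#" -gt 0 ]; then
    jail_audit "$@"
fi
```

A clean audit only covers the two file-level points; it says nothing about the jailed users' ability to talk to processes outside the jail.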