Linuxhelp _ Technical Support _ Keeping things safe

Posted by: {XN}Boylett Dec 14 2008, 05:34 AM

Hi

I'm wondering, is there a way to run programs as 1 user, but not allow them to change directory and view directories higher than themselves?

So, for example:

I start a program in /home/blah
That program can access any files and folders in the /home/blah directory, however, it can't go up a directory.

Thanks.

Posted by: michaelk Dec 14 2008, 08:50 AM

http://www.jmcresearch.com/projects/jail/

Google for chroot

Posted by: {XN}Boylett Dec 14 2008, 10:50 AM

Hi

Thanks for the reply.

I tried using chroot, but it keeps telling me "No such file or directory"

chroot /home/user ./start.sh

and start.sh contains:
#!/bin/sh
nohup ./server &

Posted by: michaelk Dec 14 2008, 11:08 AM

Try replacing ./ with the complete path.

Posted by: {XN}Boylett Dec 14 2008, 06:21 PM

I get the same result.

Posted by: michaelk Dec 14 2008, 06:53 PM

For the command and your script?

Posted by: {XN}Boylett Dec 15 2008, 11:15 AM

I did some googling... apparently it's because there isn't a /bin/sh, so start.sh won't work. However, if I try starting server directly, it still doesn't work.

chroot /home/user /server

and server is a binary file

EDIT: I don't know if chroot is what I need.
I want the program to act as if its starting directory is its user's home directory, so it can't cd up but it can view all files in subdirectories etc.
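
Added example, not part of the original thread: chroot reports "No such file or directory" when a program's interpreter is missing inside the new root, which is /bin/sh for start.sh and the ELF loader plus shared libraries for a dynamically linked server. This sketch copies a program and the files ldd lists for it into the jail; the function names are made up for the example, and it assumes absolute program paths.

```shell
#!/bin/sh
# Added example: copy a program plus everything it needs to start into a chroot.
# Function names are hypothetical; program paths are assumed to be absolute.

# Print the absolute file paths found in `ldd` output read from stdin.
# Handles "name => /path (addr)" and bare "/path (addr)" (the ELF loader);
# entries with no file on disk (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '{
        if ($2 == "=>" && $3 ~ /^\//) print $3
        else if ($1 ~ /^\//)          print $1
    }'
}

# Copy one file into the jail at the same absolute path, following symlinks.
jail_copy() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# Copy each program and the libraries/loader that ldd reports for it.
jail_populate() {
    jail=$1; shift
    for bin in "$@"; do
        jail_copy "$jail" "$bin" || return 1
        # ldd fails on static binaries and scripts; they need no libraries.
        for lib in $( (ldd "$bin" 2>/dev/null || true) | ldd_paths ); do
            jail_copy "$jail" "$lib" || return 1
        done
    done
}

# List what is still missing from the jail for a program (empty = ready).
jail_missing() {
    jail=$1; bin=$2
    for f in "$bin" $( (ldd "$bin" 2>/dev/null || true) | ldd_paths ); do
        [ -e "$jail$f" ] || echo "$f"
    done
}
```

As root, `jail_populate /home/user /bin/sh` prepares the jail from the thread for start.sh, and `jail_missing /home/user /server` shows which files the server still lacks there. Starting it with `chroot --userspec=USER:GROUP /home/user /server` (placeholders for the unprivileged account) keeps the process from running as root inside the jail.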

Posted by: michaelk Dec 15 2008, 06:34 PM

Have you looked at the URL I posted?
