05-31-2013
hmm, this is exactly what a "chroot" environment is for. Notice, that you do not have to put every binary there, just the absolute minimum. If there is no shell you do not need to deny access to it. Further, you put only copies of these binaries there, not the real ones. If a process manages to compromise these it is still jailed in its - now compromised - chroot environment.
I hope this helps.
bakunin
7 More Discussions You Might Find Interesting
1. Linux
I created a user
useradd -d /disk2/ftpfiles me
How would i beable to jail me so he could not move arround my file system? (4 Replies)
Discussion started by: byblyk
4 Replies
2. UNIX for Advanced & Expert Users
I'm trying to establish a jail on a FBSD 6.1 system and have a couple of questions on bringing up the daemon.
Under the jail man page there are two user flags that I am unclear on,
-u username The user name from host environment as whom the command
should run.
-U... (1 Reply)
Discussion started by: thumper
1 Replies
3. What is on Your Mind?
Enough of boring techie topics!! Vote on Paris Hilton and her jail time!! What do you think? (9 Replies)
Discussion started by: Neo
9 Replies
4. UNIX for Dummies Questions & Answers
I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can... (1 Reply)
Discussion started by: mojoman
1 Replies
5. Solaris
Hi Gurus,
I am creating a user for ftp only on Solaris 10. However while testing I can see user can reach to root directory.
I followed following while creating the user
1 Created a shell in /usr/bin/ftponly as chmod a+x to ftponly
2 Placed the entry in /etc/shells
... (2 Replies)
Discussion started by: kumarmani
2 Replies
6. UNIX for Advanced & Expert Users
I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies
7. Cybersecurity
Hi all,
I want to jail a process in his folder, so he can't have any link with a parent folder.
Ex. If i'm a hacker, and I can upload my script & and I can start it, i'll could go to ../, /etc/passwd, etc..
So what I did is to chroot the process :
I copied all libraries used by the... (1 Reply)
Discussion started by: Deb.I.am
1 Replies
LEARN ABOUT SUNOS
new_panel
panel_new(3CURSES) Curses Library Functions panel_new(3CURSES)
NAME
panel_new, new_panel, del_panel - create and destroy panels
SYNOPSIS
cc [ flag ... ] file ... -lpanel -lcurses [ library .. ]
#include <panel.h>
PANEL *new_panel(WINDOW *win);
int del_panel(PANEL *panel);
DESCRIPTION
new_panel() creates a new panel associated with win and returns the panel pointer. The new panel is placed on top of the panel deck.
del_panel() destroys panel, but not its associated window.
RETURN VALUES
new_panel() returns NULL if an error occurs.
del_win() returns OK if successful, ERR otherwise.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|MT-Level |Unsafe |
+-----------------------------+-----------------------------+
SEE ALSO
curses(3CURSES), panel_update(3CURSES), panels(3CURSES), attributes(5)
NOTES
The header <panel.h> automatically includes the header <curses.h>.
SunOS 5.10 31 Dec 1996 panel_new(3CURSES)