[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] passwd inside the chroot

From: Olivier Sessink
Subject: Re: [Jailkit-users] passwd inside the chroot
Date: Fri, 20 Jul 2007 13:14:51 +0200 (CEST)
User-agent: SquirrelMail/1.4.9a

> What if there is only one account in a jail?

then there is probably no need for that file, but there is also no problem
having it there. You can always use the "skip_injail_passwd_check" option
in jk_chrootsh and supply the injail_shell option to set the shell.

However, if you want to use jk_lsh you need the passwd file because jk_lsh
needs the username of the current user in order to find the allowed
executables in the config file. (and without passwd file there is no
username in the jail, only the uid number)

> We are setting up sftp
> accounts
> for various paying customers, is it just paranoia on my part to set up a
> new jail for each user?

if all customers need just sftp, you can create a jail with just that, and
use the unix permissions to make sure they cannot read each other files.
Only if the file permission system would be flawed there would be a
security issue (but if the file permissions wound't work you have more
problem). Only if the permissions are set wrong different jails will still
help to keep file access separated. So different jails is an extra layer,
but in normal situations it wouldn't add extra security. So it's really up
to you.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]