jailkit-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] SU problem in jail


From: Snowman
Subject: Re: [Jailkit-users] SU problem in jail
Date: Sun, 09 Nov 2008 12:57:59 +0100
User-agent: Thunderbird 2.0.0.17 (Macintosh/20080914)

Pocuj cani,
nechaj to tak, precitaj si how to a nespamuj.
Chuck ta vidi.

Čaniga Stanislav  wrote / napísal(a):
Hi Kevin,

well if someone would somehow find out a password of a user that is able to su, he would still not be able to browse the system and read configuration files. And if he finds out he can use su, he still would not know the root password ...

Stan

On Nov 9, 2008, at 12.28 , Kevin wrote:

Hello Stan,

Don't know why you must jail the user while you want he is able to su to root.
It is not necessary to jail every account on you system. If you want
someone to be able to su, why not simply keep him not jailed?

Kevin

On Sun, Nov 9, 2008 at 6:34 PM, Čaniga Stanislav <address@hidden> wrote:

Hi Oliver

Thanks for looking into this:

What I want to achieve is: disabled root ssh login (already works), and having only few users in a "su" group, that are able to execute the su, to be able to su to the root user and manage the system. I want all users to be chrooted and only those in the "su"group can su.

Stan

On Nov 9, 2008, at 11.29 , Olivier Sessink wrote:

Čaniga Stanislav wrote:

Hi all,

I'm having a little problem with setting up the jailkit properly in
order to use su as a chrooted user.

what exactly do want to achieve? having 'su' inside a chroot jail is not
very common. su is a setuid binary (not recommended in a jail) and it
probably needs access to the shadow file (not in the jail) to check
passwords.

perhaps there are other (more secure) ways to accomplish what you want
to do.

Olivier


_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users



_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users
_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users



_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users





reply via email to

[Prev in Thread] Current Thread [Next in Thread]