|
From: | Snowman |
Subject: | Re: [Jailkit-users] SU problem in jail |
Date: | Sun, 09 Nov 2008 12:57:59 +0100 |
User-agent: | Thunderbird 2.0.0.17 (Macintosh/20080914) |
Pocuj cani, nechaj to tak, precitaj si how to a nespamuj. Chuck ta vidi. Čaniga Stanislav wrote / napísal(a):
Hi Kevin,well if someone would somehow find out a password of a user that is able to su, he would still not be able to browse the system and read configuration files. And if he finds out he can use su, he still would not know the root password ...Stan On Nov 9, 2008, at 12.28 , Kevin wrote:Hello Stan,Don't know why you must jail the user while you want he is able to su to root.It is not necessary to jail every account on you system. If you want someone to be able to su, why not simply keep him not jailed? KevinOn Sun, Nov 9, 2008 at 6:34 PM, Čaniga Stanislav <address@hidden> wrote:Hi Oliver Thanks for looking into this:What I want to achieve is: disabled root ssh login (already works), and having only few users in a "su" group, that are able to execute the su, to be able to su to the root user and manage the system. I want all users to be chrooted and only those in the "su"group can su.Stan On Nov 9, 2008, at 11.29 , Olivier Sessink wrote:Čaniga Stanislav wrote:Hi all, I'm having a little problem with setting up the jailkit properly in order to use su as a chrooted user.what exactly do want to achieve? having 'su' inside a chroot jail is notvery common. su is a setuid binary (not recommended in a jail) and it probably needs access to the shadow file (not in the jail) to check passwords. perhaps there are other (more secure) ways to accomplish what you want to do. Olivier _______________________________________________ Jailkit-users mailing list address@hidden http://lists.nongnu.org/mailman/listinfo/jailkit-users_______________________________________________ Jailkit-users mailing list address@hidden http://lists.nongnu.org/mailman/listinfo/jailkit-users_______________________________________________ Jailkit-users mailing list address@hidden http://lists.nongnu.org/mailman/listinfo/jailkit-users_______________________________________________ Jailkit-users mailing list address@hidden http://lists.nongnu.org/mailman/listinfo/jailkit-users
[Prev in Thread] | Current Thread | [Next in Thread] |