jailkit-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Run apache/tomcat process from a jailed user account


From: Olivier Sessink
Subject: Re: [Jailkit-users] Run apache/tomcat process from a jailed user account
Date: Wed, 03 Jun 2009 07:44:23 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090318)

Tanveer Chowdhury wrote:
> Hi all,
> 
> I have created a user 'jailuser' in a chroot jail environment. The
> home of the user is now /home/webjailuser/home/jailuser.
> 
> I am using this user so that the user can only change html files of
> web document root as I mounted that directory under his home.
> 
> Now, I want to grant that user the privilege to star/stop apache
> server only. Is it possible with jailkit? The reason behind this I
> have a system with tomcat where I grant privilege to the user to
> start/stop tomcat service so it the above is possible then I will put
> the user in jail and just give him tomcats docroot and tomcat process
> privilege. Nothing else.

it depends if the apache server runs with the same privileges as the
user or different privileges. If they are the same you could run the
apache process in the same jail and it will be easy for the user to
restart the process.

If different, you need something like sudo to manage the privileges.
Note that sudo is setuid root and jk_cp and jk_lsh remove the setuid bit
when copying files.

regards,
        Olivier




reply via email to

[Prev in Thread] Current Thread [Next in Thread]