[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] Run apache/tomcat process from a jailed user accoun
|
From: |
Tanveer Chowdhury |
|
Subject: |
Re: [Jailkit-users] Run apache/tomcat process from a jailed user account |
|
Date: |
Wed, 3 Jun 2009 17:08:46 +0600 |
Thanks for your reply.
Apache is run as daemon and which is outside the jail and run using
/etc/init.d/httpd.
Now please help me on how to run this apache using the jail user.
I tried with sudo but it says this:
sudo: unable to initialize PAM: No such file or directory
please help.
On Wed, Jun 3, 2009 at 11:44 AM, Olivier Sessink
<address@hidden> wrote:
> Tanveer Chowdhury wrote:
>> Hi all,
>>
>> I have created a user 'jailuser' in a chroot jail environment. The
>> home of the user is now /home/webjailuser/home/jailuser.
>>
>> I am using this user so that the user can only change html files of
>> web document root as I mounted that directory under his home.
>>
>> Now, I want to grant that user the privilege to star/stop apache
>> server only. Is it possible with jailkit? The reason behind this I
>> have a system with tomcat where I grant privilege to the user to
>> start/stop tomcat service so it the above is possible then I will put
>> the user in jail and just give him tomcats docroot and tomcat process
>> privilege. Nothing else.
>
> it depends if the apache server runs with the same privileges as the
> user or different privileges. If they are the same you could run the
> apache process in the same jail and it will be easy for the user to
> restart the process.
>
> If different, you need something like sudo to manage the privileges.
> Note that sudo is setuid root and jk_cp and jk_lsh remove the setuid bit
> when copying files.
>
> regards,
> Olivier
>
>
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users
>