Gavin Rogers wrote:
> Hey guys I'm really interested in using jailkit for my company's
> servers. I have installed jailkit on several distros and in several
> ways, including all the various scenarios described on the website. I
> find jailkit to be much preferable to building a chroot environment
> manually. Also, it's so fast and easy I've had more time to contemplate
> questions of security such as:
> Why is the passwd file inside the chroot used? Isn't this (kinda)
> insecure, as one could perhaps change this file and change the UID of
> the user to 0?
all jailkit utilities check if the user information inside the jail is
the same as outside the jail. If you have user 'foo' outside the jail
with UID 1234 and inside the jail with UID 0 jk_chrootsh will abort and
send a message to the syslog daemon.
The reason to have the passwd file in the jail is to allow
`ls -l` or `chown` or other commands that need to lookup from 'uid' to
'name' to work.
> I got this question while reading:
> http://www.unixwiz.net/techtips/chroot-practices.html
> What would be the best way to modify jailkit to take this into account?
I think it's in some cases a bad practice to remove it. Suppose you have
several accounts in a jail that need to share information. Given the
fact that jailkit checks if the user information in the jail is
identical, you're better off if these accounts can actually see who is
the owner of a file, instead of just the numeric UID.
What if there is only one account in a jail? We are setting up sftp accounts for various paying customers, is it just paranoia on my part to set up a new jail for each user? Should we just create a single jail for all the users (which would require a passwd inside the jail)?
> Also, what about using the -r option for bash when starting a bash
> session to be used for only one command (say, cvs)?
I've never used it, so I can't say..
Olivier
_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users