On Mon, 2010-01-04 at 12:56 +0100, Thomas Bätzler wrote:
> Trevor Vallender <t...@tsv.me.uk> asked:
> > I am designing a system in which scripts are installed into their own
> > directory, by a non-root user, under their home directory.
> >
> > It is very important they not be allowed to write anywhere outside the
> > directory they are installed in. There are two ways I thought of doing
> > this; create a user for each script to run as, without permission to see
> > outside of its directory, or run in a chroot.
> >
> > My problem here is both of these methods need root privileges to get
> > started, and for the life of me I cannot think how to get around this.
> > Is there any way at all to create a chroot-like environment without root
> > privileges?
>
> You don't mention on which OS you're trying to implement this, but if it's
> Linux, then maybe SELinux (http://selinuxproject.org/page/Main_Page) might be
> a solution for you.
>

Yes, sorry, an embedded Linux system. The SELinux idea is intriguing, but I can't say it's an area I know very much about, I will look into it.

> When I had similar requirements in the past, I've always opted for a
> chroot-based solution, though - mainly because I knew I could make it work
> with limited effort.
>
> What I'd do is run a ssh daemon in a chroot jail and then make my
> unprivileged users connect to that instead of the "real" system.

That's a smart idea! Main downside would be still requiring root to set up each chroot.

>
> HTH,
> Thomas

Thanks a lot.