On Mon, Mar 31, 2003 at 10:40:11AM -0800, David Davis wrote:
> Assuming the use of a pure ssh/scp/sftp/jail solution for file transfer:
>
> As far as scalability, would you suggest creating a jail filesystem for
> each user, or a single jail shared across multiple users? I like the
> privacy of an exclusive jail, but the duplicated filesystem and admin
> overhead seems a bit much.

So as I'm sitting here thinking. There are many pros and cons to
chrooting. The one you've cited can be hacked around by using one
shared base chroot that you can copy around and mount --bind
people's home directories into on login and then do cleanup on logout.
This avoids part of the excessive disk usage problem. This is partly
what I want to experiment with eventually when I get some time.

But when you used the word "privacy" that triggered some bits of my
brain. Unix filesystems have privacy functions built into them already.
If you want something private, set the bits the right way. In most cases
the use of a chroot _is_ really excessive. In fact the most valid case
for using a chroot in an everyday context -- that I can think of --
would be to seal a root-running daemon process off from the rest of the
system.

> Also, can anybody think of a good way to create the effect of presenting
> a single directory choice ("/" for instance) when the user logs in
> through an scp/sftp client program? This is more for the user's
> convenience than anything else, but it is still important in the big
> scheme of things.

Using jail you can have a different home directory that is where the
user starts when logging in. You could also probably move a user around
on login by hacking their .profile.

--
Sam Phillips <[EMAIL PROTECTED]> http://www.dasbistro.com
Reno Nevada
_______________________________________________
RLUG mailing list
[EMAIL PROTECTED]
http://www.rlug.org/mailman/listinfo/rlug
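
The shared-base idea from the reply above, sketched as an added example that is not part of the original message: login and logout hooks that bind one base jail read-only (instead of copying it) and bind the user's home on top. The paths, the function names and the DRY_RUN switch are assumptions, and the base image is assumed to contain an empty /home to mount onto.

```shell
#!/bin/sh
# Added example: one shared base jail plus a per-session bind mount of the home.
# Every path below is an assumed placeholder, not a value from the post.
BASE=${BASE:-/srv/jail/base}   # shared jail image containing an empty /home
RUN=${RUN:-/srv/jail/run}      # per-user jail roots are created here
HOMES=${HOMES:-/home}          # real home directories
DRY_RUN=${DRY_RUN:-1}          # 1 = print the commands, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The username becomes part of paths handed to mount(8): refuse empty names,
# leading dots, slashes and anything outside a conservative character set.
valid_user() {
    case "$1" in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Login: the base is bound read-only so no user can alter the shared image;
# the home is bound at /home inside the jail with nosuid,nodev.
jail_login() {
    valid_user "$1" || return 1
    root="$RUN/$1"
    run mkdir -p "$root" &&
    run mount --bind "$BASE" "$root" &&
    run mount -o remount,bind,ro "$root" &&
    run mount --bind "$HOMES/$1" "$root/home" &&
    run mount -o remount,bind,nosuid,nodev "$root/home"
}

# Logout: unmount in reverse order; rmdir only removes an empty directory,
# so a failed umount can never lead to deleting the user's files.
jail_logout() {
    valid_user "$1" || return 1
    root="$RUN/$1"
    run umount "$root/home" &&
    run umount "$root" &&
    run rmdir "$root"
}

case "${1:-}" in
    login)  jail_login "${2:-}" ;;
    logout) jail_logout "${2:-}" ;;
esac
```

With DRY_RUN left at 1 the script only prints the mount plan, which is a convenient way to review it before running the hooks as root.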