Get flash to fully experience Pearltrees
This page details how the chroot() system call can be used to provide an additional layer of security when running untrusted programs. It also details how this additional layer of security can be circumvented. chroot() is a Unix system call that is often used to provide an additional layer of security when untrusted programs are run. The kernel on Unix varients which support chroot() maintain a note of the root directory each process on the system has. Generally this is " / ", but the chroot() system call can change this. When chroot() is successfully called, the calling process has its idea of the root directory changed to the directory given as the argument to chroot() .
One of the things I both love and hate about my job is getting assigned new projects. They can be about anything and everything. A few months back I was given an assignment to create some chroot jails for a group of customers so that they could securely upload files with sftp. The requirement was that the customers needed to be able to upload file, but in a secure and private way. Customer One should not be able to see Customer Two's files, for example.
Version 1.0 Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de> Last edited 10/08/2007 This document describes how to set up a chrooted SSH/SFTP environment on Fedora 7. The chrooted users will be jailed in a specific directory where they can't break out. They will be able to access their jail via SSH and SFTP. This howto is meant as a practical guide; it does not cover the theoretical backgrounds.