[Re: Rights]

Matt Graham danceswithcrows@usa.net
28 Aug 2001 15:41:28 EDT


"Daniel R . Kilbourne" <drk@voyager.net> wrote:
> Why would you want to? A standard user will not be able to hurt 
> anything....
> 
> Josh Grabarek 7722 extolled:
>> How do you give a user rights to their own directory but make it so 
>> they cannot browse outside of that directory?

A normal user will still be able to *see* many things, even though they should not be
able to change anything that's not in ~ or /tmp.  If you're very paranoid, or
adminning a system with classified/secret data on its disks, chrooting or
jail()ing users could be useful/necessary.

If a user has a shell account, then chrooting them will drastically affect the
utility of their account.  It would be better to make the login shells for
untrusted users something like "/bin/bash -r".  (man bash, search for
"Restricted Shells".)

If a user is using the account primarily for FTP access, then chrooting them
makes good sense and is pretty easy to do with a good FTP daemon.  Please post
the details of your configuration (which distro, which FTP daemon you're
using...) and I think someone will be able to help you.

-- 
Matt G / Dances With Crows
There is no Darkness in Eternity/But only Light too dim for us to see
"I backed up my brain to tape, but tar says the tape contains no data...."
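
What the restricted shell mentioned in the message above actually refuses, as an added example that is not part of the original post. It assumes `bash` is on PATH; the function names and probe commands are constructed for this demonstration.

```shell
#!/bin/sh
# Added example: probe what "bash -r" refuses. Assumes bash is on PATH.

# Return 0 only if restricted bash itself refused the command line in $1,
# i.e. it failed with a "restricted" or "readonly" diagnostic.
rbash_refuses() {
    err=$(LC_ALL=C bash -r -c "$1" 2>&1 >/dev/null </dev/null) && return 1
    case $err in
        *restricted*|*readonly*) return 0 ;;
        *) return 1 ;;   # failed for an unrelated reason
    esac
}

# Run the constructed probes, report each on stderr, print the refusal count.
count_refused() {
    scratch=$(mktemp -d) || return 2
    refused=0
    while IFS= read -r probe; do
        if rbash_refuses "$probe"; then
            refused=$((refused + 1))
            echo "refused: $probe" >&2
        else
            echo "allowed: $probe" >&2
        fi
    done <<EOF
cd /
PATH=/bin:/usr/bin
/bin/ls
echo x > $scratch/out
echo ok
EOF
    rm -rf "$scratch"
    echo "$refused"
}

count_refused
```

Because PATH is read-only inside the restricted shell, the set of commands the user can run is whatever PATH contained when the shell started, so it should point at a directory holding only the intended commands.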