i want to create a chrooted envirment (jail) for shell users, and max procesing, how would i do that ???

ive tryed different kind of gnu projects but none of them seem to work deasent, any one ?? and plz one that is buggfree

the meaning of this is that i can provide people with free shells...

I've never used chroot for what you want to do.

See if these search results for 'chroot' (http://www.google.com/linux?hl=en&lr=&ie=ISO-8859-1&q=chroot&btnG=Google+Search) give you what you need. Some how-to's are included in those search results.

allready read most of them just want a program that works. and to do that what you sad i don't need to use a forum. i go to google first then to forum, i look for like 2 days and if i don't find what i want i go to forum, so if you don't know the answer don't answer :p. Thank you, i know you just want to help but i can answer questiosn as wel by saying buy the linux book, or go be a programmer go back to school, in a way that is what your saying you don't know but you look a way to answer, hmm well at least you admit you don't know, ive had a lot of people in the past who answerd questions, and just kept refering to howtos, after a while of asking questions it got clear they didn't knew the answer them selfs and just pretended to know, to get back to the question ive read howtos, tryed google, sourceforge, freshmeat,... now it is forum time.

Then I'm afraid you will have to wait for a member that can help.

BTW... I didn't know you had searched around already. Most here do not bother. :eek:

Have you thought of using jail (http://www.gsyc.inf.uc3m.es/~assman/jail/)? Here (http://www.linuxorbit.com/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=538&page=1) is a article about jail.

max procesing, hmmm I think you are looking for ulimit (it's detailed in the bash man page). Once you get your chroot setup you can add the proper ulimit lines to the chrooted /etc/profile. Another option is to edit /etc/security/limits.conf which sets the limits PAM.

Access Control Lists (http://sourceforge.net/projects/linux-acl/)

There are a few ACL projects around.

ACL's really don't apply. ACL's are an extention of permissions, like if you wanted one group to have read only access to a sub directory and the files and another group to have read write access to the same sub directory and files you would use ACL's.

I thought it did.

http://www.grsecurity.net/features.php

The first project you linked is a POSIX ACL project, here are the man pages (http://acl.bestbits.at/man/man.shtml) for POSIX ACL/EA.

grsecurity is a mandatory access control / Role-Based Access Control project. Projects like this ( www.rsbac.org and www.nsa.gov/selinux/ ) will include POSIX ACL's but it's far more complex than just file ACL's. At the core of these systems they remove the idea of a root user and define the rootly powers individually so they can be asigned only as needed.

Originally posted by stiles
The first project you linked is a POSIX ACL project, here are the man pages (http://acl.bestbits.at/man/man.shtml) for POSIX ACL/EA.


I couldn't remember the name (grsecurity) at that moment and just posted the first hit I got with a freshmeat.net search for ACL.

I then remembered I still had the kernel patch sitting on another partition and found the name. 'grsecurity'

jail i tryed, cage i tryed

jail: - it is supposed to work but has a bug so if u install a jail it bocks the userfiles or something this is done cause the author of jail found out that this was a security hole like this they where able to still gain root access, ... so he left it out with result the jail does not work

cage i found out is more like to cage a system account or proces to a certain directory, what the meaning of that is i think you could compare it to chroot but it has not mutch docu on how to do it ... so i am still figuring out what to do with it i also tryed other various programs howtos but none of them seemed to be able to explain or apply a jailed chrooted or caged system..

but tnx for the suggestion ;)

oh the guy who first answers np hehe didn't meanth it wrong he he ill look into grsecurity ive read over the page and looks pretty good hehe

'grsecurity' is a kernel patch of which you would then need to recompile the kernel in order to enable the ACL options.