pam_chroot
Bruce Campbell <brucec@humbug.org.au>
Author; proposed on 20/11/96 - email for status
account; session; authentication
Unwritten.
Expects localhost.
This module is intended to provide a transparent wrapper around the
average user, one that puts them in a fake file-system (eg, their
'/
' is really /some/where/else
).
Useful if you have several classes of users, and are slightly paranoid about security. Can be used to limit who else users can see on the system, and to limit the selection of programs they can run.
Need more info here.
Need more info here.
Need more info here.
Arguments and logging levels for the PAM version are being worked on.
Do provide a reasonable list of programs - just tossing 'cat', 'ls', 'rm', 'cp' and 'ed' in there is a bit...
Don't take it to extremes (eg, you can set up a separate environment for each user, but its a big waste of your disk space.)