Re: [gNewSense-users] Non-root chroot and PAM

gnewsense-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gNewSense-users] Non-root chroot and PAM

From:	Sam Geeraerts
Subject:	Re: [gNewSense-users] Non-root chroot and PAM
Date:	Sat, 07 Apr 2012 18:38:36 +0200
User-agent:	Thunderbird 2.0.0.24 (X11/20101029)

Stayvoid wrote:

Hi,

I want to restrict web-based access to my VPS.
Someone can break my web password, install a new system and chroot
into existing system with root privileges.
My idea is to uncomment "- : root : ALL" in /etc/security/access.conf
to prevent this. (Will it help?)

I believe that would block all login attempts by root. But chroot doesnot authenticate, it's more like a file system operation. If theintruder could chroot, he would have access to that file system anyway.

But I want to be able to chroot into my system from another one if I
break something.
Is it possible to chroot as an ordinary user?
(This user can use sudo to get root privileges.)


You need root privileges to chroot.

[Prev in Thread]

Current Thread

[Next in Thread]

[gNewSense-users] Non-root chroot and PAM, Stayvoid, 2012/04/07
- Re: [gNewSense-users] Non-root chroot and PAM, Stayvoid, 2012/04/07
  - Re: [gNewSense-users] Non-root chroot and PAM, Sam Geeraerts, 2012/04/07
    - Re: [gNewSense-users] Non-root chroot and PAM, Stayvoid, 2012/04/12
- Re: [gNewSense-users] Non-root chroot and PAM, Sam Geeraerts <=
  - Re: [gNewSense-users] Non-root chroot and PAM, Stayvoid, 2012/04/07
    - Re: [gNewSense-users] Non-root chroot and PAM, Karl Goetz, 2012/04/07
    - Re: [gNewSense-users] Non-root chroot and PAM, Stayvoid, 2012/04/08

Prev by Date: Re: [gNewSense-users] Removing dev packages
Next by Date: Re: [gNewSense-users] Non-root chroot and PAM
Previous by thread: Re: [gNewSense-users] Non-root chroot and PAM
Next by thread: Re: [gNewSense-users] Non-root chroot and PAM
Index(es):
- Date
- Thread