From owner-freebsd-questions Mon Mar 19 18:37:47 2001 Delivered-To: freebsd-questions@freebsd.org Received: from nisser.com (c0039.upc-c.chello.nl [212.187.0.39]) by hub.freebsd.org (Postfix) with ESMTP id 7B64A37B732 for ; Mon, 19 Mar 2001 18:37:44 -0800 (PST) (envelope-from roelof@eboa.com) Received: from eboa.com (roelof [10.0.0.2]) by nisser.com (8.9.3/8.9.2) with ESMTP id DAA57127; Tue, 20 Mar 2001 03:37:29 +0100 (CET) (envelope-from roelof@eboa.com) Message-ID: <3AB6C269.493D61A8@eboa.com> Date: Tue, 20 Mar 2001 03:37:30 +0100 From: Roelof Osinga Organization: Nisser - Nr. 1 in Veiligheid X-Mailer: Mozilla 4.72 [en] (Windows NT 5.0; U) X-Accept-Language: en,pdf MIME-Version: 1.0 To: James Jefferson Cc: "'questions@FreeBSD.org'" Subject: Re: EU setup References: <40DFA2708D54D41193F20001025665B62639F4@MAIL> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG James Jefferson wrote: > > how can one go about limiting the EU from cd out of his or her home dir. With jails and a whole lotta trouble. It's a nice concept, but it's also a whole lotta trouble. The trick of jails - and mind you, they can be broken out of - is that they limit all to a directory. What this means is that you can't, say, symlink to a /bin/ls binary since the link can't be followed. And that's just *one* binary. Another and way more simple way would be to give them a vewwy restrictive shell. Maybe like mc(d) coupled with a jail() or some such thing. Roelof -- duh is @ http://BeerIsBitter.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message