Chroot Jails Made Easy with the Jail Chroot Project
There are always difficult jobs to do as a GNU/Linux system administrator. Sometimes the difficulty lies in finding out how to do a particular job, not neccessarily the job itself. This can be particularly true in the open source world where documentation can often take a back seat to implementation. But once in a while, you can stumble on a real gem that simplifies even the most difficult administration tasks. One such gem is the Jail Chroot Project.
So what is a "chroot jail"?
Essentially it is a security method for creating a safe user enviroment on systems that allow remote access accounts. The "jail" locks users into a virtual directory structure and grants access only to applications created for the jailed users by the administrator. It has long been a standard for hosting companies to create remote access accounts with this method, but the process was far from simple. Creating each account took many steps and needed thorough testing to assure system security.
The Jail Chroot Project's purpose is to streamline the task of creating the chroot jail environment. It does so with utilities that "automagically configure & build all the required files, directories and libraries". It also makes adding new jailed accounts very easy. In this article, we'll take a look at the Jail Chroot Project utilities and show you how to install and use them to secure remote access accounts in a chroot-ed environment on your GNU/Linux system.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.