Chroot Jails Made Easy
GonzoJohn writes "There are always difficult jobs to do as a GNU/Linux system administrator. Sometimes the difficulty lies in finding out how to do a particular job, not necessarily the job itself. This can be particularly true in the open source world where documentation can often take a back seat to implementation. But once in a while, you can stumble on a real gem that simplifies even the most difficult administration tasks. One such gem is the Jail Chroot Project. Linux Orbit introduces you to creating chroot-ed environments in this article."
Though it seems like a virtual system, a chroot cell is not totally virtual, and there can still be plenty of compromises.
Like usual, all you need is access to a compiler, and you can make a jailbreak. In fact, there's a whole guide to it here:
http://www.bpfh.net/simes/computing/chroot-break.html
If the whole jail resided in its own actual virtual Linux machine, where nasty things cannot break the account, just the session, they would be quite a bit more effective.
I have been using chroot for many years, mostly with the big three (Apache, bind and sendmail). However, I would never rely solely on chroot for security.
It is ridiculous to do a Maxwell Smart and put 10 locks on your front door when the window is wide open. You are always better to rely upon a locked box, inside a locked box, inside a locked box etcetera, rather than OUMF lock!
OUMF??? you say (new proposed acronym)...
Just think of Arnie in Predator when he says to the alien "You're one ugly mother f......"
From excellent karma to terrible karma with a single +5 funny post...