gnewsense-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gNewSense-users] Non-root chroot and PAM


From: Sam Geeraerts
Subject: Re: [gNewSense-users] Non-root chroot and PAM
Date: Sat, 07 Apr 2012 18:38:36 +0200
User-agent: Thunderbird 2.0.0.24 (X11/20101029)

Stayvoid wrote:
Hi,

I want to restrict web-based access to my VPS.
Someone can break my web password, install a new system and chroot
into existing system with root privileges.
My idea is to uncomment "- : root : ALL" in /etc/security/access.conf
to prevent this. (Will it help?)

I believe that would block all login attempts by root. But chroot does not authenticate, it's more like a file system operation. If the intruder could chroot, he would have access to that file system anyway.

But I want to be able to chroot into my system from another one if I
break something.
Is it possible to chroot as an ordinary user?
(This user can use sudo to get root privileges.)

You need root privileges to chroot.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]