Re: [Jailkit-users] Some problems with home directories and users with s
From: Stephen Tallowitz
Subject: Re: [Jailkit-users] Some problems with home directories and users with same user id
Date: Sun, 8 Jun 2008 11:59:08 +0200

Hello Olivier and Daniel,

I've been bugged by the thought of the multiple user names for one user id -
I've never thought about it and have never considered the possibility.

In Linux tools (see any Debian-based system, command "useradd") there is an
option to allow multiple user names per id, but it has to be requested
specifically. I believe there is a good reason for this. Most systems needing
sophisticated access levels (some private files, some shared files, and some
files readable by a daemon only), build their security around *groups* and hand
out group memberships to users.

I have found an interesting and in-depth article on Unix/Linux system security.
Especially this page is of interest:
http://www.lst.de/~okir/blackhats/node23.html

It states that the kernel only knows about user ids and the notion of user
names is just a convenience for the user. So, if you have a tool like ISPConfig
creating user names with the same user id you're in effect creating the same
set of permissions at the kernel level - this sounds very dangerous if you're
granting shell access to those users.

I've read through the article on setuid programmes
(http://www.lst.de/~okir/blackhats/node22.html) and it seems absolutely
possible that a user id is mapped to multiple user names. So if jailkit
(specifically jk_chrootsh) goes ahead and checks user names outside and inside
the jail match (as it does now), this seems to be the best thing that can be
done, seeing that different usernames can be mapped to the same id. And
security is paramount in jailkit.

I will follow up this line of thought on the jailkit-dev list, as I will get
into more technical details.

Cheers,
Stephen
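
The following audit sketch is an added example, not part of the message above and not jailkit code. It lists user ids that carry more than one user name and, for each account, reports when the name that the same uid resolves to inside the jail differs from the name outside. The passwd contents and account names are constructed, and taking the first entry per uid is an assumption about how a flat-file lookup by uid behaves.

```python
from collections import defaultdict

# Constructed sample data in passwd(5) format; not taken from the thread.
HOST_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
web1:x:1001:1001::/home/jail/./home/web1:/usr/sbin/jk_chrootsh
web1_alice:x:1001:1001::/home/jail/./home/web1/alice:/usr/sbin/jk_chrootsh
web2:x:1002:1002::/home/jail/./home/web2:/usr/sbin/jk_chrootsh
"""
JAIL_PASSWD = """\
web1:x:1001:1001::/home/web1:/bin/bash
web2:x:1002:1002::/home/web2:/bin/bash
"""

def parse_passwd(text):
    """Return a list of (name, uid) pairs from passwd-format text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip malformed lines
        entries.append((fields[0], int(fields[2])))
    return entries

def shared_uids(entries):
    """Map each uid that has more than one user name to its sorted names."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: sorted(n) for uid, n in by_uid.items() if len(n) > 1}

def jail_mismatches(host_entries, jail_entries, names):
    """Names whose uid resolves to a different name (or none) in the jail."""
    first_in_jail = {}
    for name, uid in jail_entries:
        first_in_jail.setdefault(uid, name)  # assumption: first entry wins
    host_uid = dict(host_entries)
    return {n: first_in_jail.get(host_uid[n]) for n in names
            if first_in_jail.get(host_uid[n]) != n}

if __name__ == "__main__":
    host, jail = parse_passwd(HOST_PASSWD), parse_passwd(JAIL_PASSWD)
    print("shared uids:", shared_uids(host))
    print("mismatches:", jail_mismatches(host, jail, [n for n, _ in host]))
```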