Solved

How are the concept of chroot and sudo together working?

Posted on 2014-11-20
2
265 Views
Last Modified: 2014-11-24
In my mind i started to create concept to solve the problem of regulate access of a big a mount of root users.
I like the idea to have usergroups with different access rights on a system.

So i want to have for example root users for the whole System(s) and a group for a small part of the system. I checked the ACL, chroot and sudo and for me it will best fitting the combination of chroot and sudo. And for that i need an answer how this two work together.

If a user logins in a chroot enviroment and in that i have a sudo for example a super user (rootlike) in chroot is there anything against that combination? Or do i have to be awared of any breakouts to the real root directories?

Like i understand is if you use only sudo its possible do climb the tree with /../../../ but in a chroot he can only climb to the fake root???
0
Comment
Question by:Wilder_Admin
2 Comments
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40455158
'sudo' is used (via the sudoers configuration file) to define what regular accounts may run privileged commands.

'chroot' is the process to create a fake root so that real directories above the fake root are not visible.  you do not chroot the privileged account(s).
0
 
LVL 8

Author Closing Comment

by:Wilder_Admin
ID: 40462157
I needed Informations if it would work together not a suggestion how to do. But i tried it on the hard way and its working like desired.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now