Hello, and thanks in advance.
I would like to create a logon script, for specific user, under ssh connection, to backup several directories in a USB device; this backup will run when the device was plugged in and the user logs in server. My knowledge of linux isn't very deeply now, and some questions are in my head.
I would like to make this in a chroot jail, and the user log in through ssh connection doesn't have to make nothing, the logon script will mount the USB device and make the backup (using rsync or whatever), and exit the ssh connection when it finish.
But the questions are:
- is possible to a user in a chroot jail mount a USB device?
- from this jail, the directories outside of the jail could be available or need to be bind or something for this task?
- it will be better to "jail" all the directories to backup, inside de chroot path (almost would be samba sharing for Windows clients)?
Well I apreciate your help.
Regards.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Is possible to mount devices in a chroot jail?
-
- Posts: 416
- Joined: 2007-03-19 18:11
- Location: my desk, Warsaw, Poland
Re: Is possible to mount devices in a chroot jail?
It's possible to access device files in a chroot. Why would you want to do that, though? I don't really think it's very secure. A better solution would, for me, be bindmounting the filesystem from outside into the chroot. Don't let the user mount anything in the chroot as mounting involves root privileges, and being root makes you able to exit a chroot at any time.
Chroot is not a security measure anyway. The directories from the outside are not available, unless the user finds a way to become root in the chroot, in which case you are doomed to doom.
Chroot is not a security measure anyway. The directories from the outside are not available, unless the user finds a way to become root in the chroot, in which case you are doomed to doom.
[url=irc://irc.freenode.net/debian]Find me on #debian at irc.freenode.net[/url] | Linux permission HOWTO | Shorewall firewall | Virtual web hosting