chroot替代 [英] chroot alternative
问题描述
我知道 chroot
是这样做的一种方式,但它不安全,您需要root权限才能使用chroot理想情况下,应用程序将不需要)。
另外,我可以在运行之前阅读用户的代码,如果他们尝试写入文件时会抛出一个错误,但为此我需要考虑每个方面用户可能会违反我的规则,以防止它。
我看了 Linux-VServer ,但这将需要为每个用户单独的虚拟服务器(除非我错了)。
<我可以建立一个SSH连接并监禁连接,但这似乎不必要的资源贪婪。
是有一种方法,我可以监禁一个用户或进程到一个特定的文件夹,而不使用 chroot
?
查看lxc。
LXC是...LXC是Linux Contai的用户空间控制包净入学率。这有点像cgroups虚拟化。
I'm working on a webapp (running on an Ubuntu server) that will allow the user to run Octave code (basically Matlab). However, I only want them to be able to read or modify folders in their designated home folder.
I know chroot
is one way of doing this, but it's insecure and you need root privileges to chroot (which ideally the app won't need).
Also, I could read the user's code before running and throw an error if they try to write to a file, but for that I'd need to think of EVERY way the user might break my rules in order to prevent it.
I've looked at Linux-VServer but that would require a separate virtual server for each user (unless I'm mistaken).
edit: I could set up an SSH connection and jail the connection, but that seems unnecessarily resource-greedy.
Is there a way I could jail a user or process to a particular folder without using chroot
?
Check out lxc.
LXC is... "LXC is the userspace control package for Linux Containers." It's kind of like a cgroups virtualization.
这篇关于chroot替代的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!