Re: [IBMiOSS] the case for chroot -- OPENSOURCE

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

On Fri, Aug 12, 2016 at 11:51 AM, Kevin Adler <kadler@xxxxxxxxxx> wrote:

Is chroot more of a *PASE* thing or an *IFS* thing?

Technically, there's a component of both (since the ILE IFS code handles
the PASE requests), but in practical terms, it only affects PASE.

So I guess navigating the IFS using WRKLNK from the CL prompt would
not be subject to chroot? How about in Qshell?

I'm trying to imagine what it would even mean (let alone what the
benefit would be) for PUB400 to set up a chroot jail for each user.
The normal way to log into PUB400 is 5250 emulator. So immediately
they are already in an environment that is outside the jail, right? Do
they put themselves into the jail if they call QP2TERM, and escape
simply by exiting their QP2TERM session?

As Holger said, most of his users probably stay within QSYS.LIB
anyway, but if they were to venture out into the rest of the IFS, it
seems as though chroot would either have no effect, or would be kind
of confusing. There may be a case for chroot on PUB400, but I don't
think it's a particularly strong one. It's a very different story on
Litmis Spaces, where you're ONLY presented the PASE environment, and
the whole experience is as Unix-like as possible and as un-IBM-i-like
as possible.

John Y.

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.