× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hi Nathan

I also wasn't sure what this does - I did look, and what I think happens is, the directory you specify becomes, from that point on in your session, root of the file system. This apparently lets you copy stuff into some directory of your own, run chroot with that directory, then everything you do works as if it were in the actual root of the file system - which lets you test as if you were completely live.

Kind of like document root in Apache, maybe?

Here is a description from a wiki article - not specific to PASE or IBM i that I know of -

"A /chroot/ on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree."

Here's something by Tony about PASE' chroot - http://yips.idevcloud.com/wiki/index.php/PASE/CHROOT

So I wonder if what everyone is talking about is something that is already there, or something that improves on the PASE chroot command - I have just casually watched this thread, so probably have misses something.

Cheers
Vern

On 10/26/2015 5:06 PM, Nathan Andelin wrote:
Yes... you do not understand.

Hi Rob,

You're just repeating what I already admitted - that I don't understand.
The references at bitbucket and Yips are not much help. They lack any
explanation of what chroot does.

I'd like to understand what you mean by "No one from the out-side can get
to your system." A blanket assertion like that could be easily achieved by
blocking all "out side" IP traffic to "your system".

Hi Pete,

Your explanation of chroot is also vague:

"This is just a practical implementation of least privilege but it handles
all the messy details for you."

"least privileges" for developers, users, or both? What messy details? Is
chroot even based on user profile?

"The intent is to limit the ability of a user in the environment to break
out and drop into a higher privilege of access."

Sorry, what kind of "user"? What kind of "environment"?

The term "break out" suggests a "sand-box" of sorts. Is chroot a way of
setting up a VM environment in PASE?

With regards...


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.