freebsd-dev/contrib/libpam/doc/modules/pam_chroot.sgml

<!--
   $Id: pam_chroot.sgml,v 1.1 1996/11/30 20:59:32 morgan Exp $
   
   This file was written by Bruce Campbell <brucec@humbug.org.au>
-->

<sect1>Chroot

<sect2>Synopsis

<p>
<descrip>

<tag><bf>Module Name:</bf></tag>
<tt/pam_chroot/

<tag><bf>Author:</bf></tag>
Bruce Campbell &lt;brucec@humbug.org.au&gt;

<tag><bf>Maintainer:</bf></tag>
Author; proposed on 20/11/96 - email for status

<tag><bf>Management groups provided:</bf></tag>
account; session; authentication

<tag><bf>Cryptographically sensitive:</bf></tag>
	
<tag><bf>Security rating:</bf></tag>

<tag><bf>Clean code base:</bf></tag>
Unwritten.

<tag><bf>System dependencies:</bf></tag>

<tag><bf>Network aware:</bf></tag>
Expects localhost.

</descrip>

<sect2>Overview of module

<p>
This module is intended to provide a transparent wrapper around the
average user, one that puts them in a fake file-system (eg, their
'<tt>/</tt>' is really <tt>/some/where/else</tt>).

<p>
Useful if you have several classes of users, and are slightly paranoid
about security.  Can be used to limit who else users can see on the
system, and to limit the selection of programs they can run.

<sect2>Account component:

<p>
<em/Need more info here./

<sect2>Authentication component:

<p>
<em/Need more info here./

<sect2>Session component:

<p>
<em/Need more info here./

<p>
<descrip>

<tag><bf>Recognized arguments:</bf></tag>
Arguments and logging levels for the PAM version are being worked on.

<tag><bf>Description:</bf></tag>

<tag><bf>Examples/suggested usage:</bf></tag>
Do provide a reasonable list of programs - just tossing 'cat', 'ls', 'rm',
'cp' and 'ed' in there is a bit... 
<p>
Don't take it to extremes (eg, you can set up a separate environment for
each user, but its a big waste of your disk space.)

</descrip>

<!--
End of sgml insert for this module.
-->