Guests can never be trusted. Whether they're just anonymous users poking around your server or house guests that never seem to flush the toilet, you can never really entrust the integrity of your system to someone you don't know. Well, how about putting them in a sandbox environment? Not good enough? What about sandbox-within-a-sandbox? Read on to learn about combining the powers of chroot with Unionfs which enables you to put untrusted users into a safe, secure environment where damage is highly mitigated.

When reading a 'hint' on the website of LinuxFromScratch I discovered the special capabilities of unionfs, specially in combination with chroot. Later I read a HowTo on a wikiwebsite of Gentoo, about entering a chrooted homedirectory when using a special script as shell. Combining these two brings me to using a chrooted environment, which you enter when logging in as a special user. This environment is a exact copy (mirror) of the system you're working on. Because you're in safe copy of the real system, you can do whatever you like, it will never change the system, everything stays inside the cache (the readwrite branch).

The link for this article located at HowtoForge is no longer available.