Chroot allows user based namespace isolation on many standard Linux deployments.

## 1. Prerequisites

- Familiarity with [chroot](http://man7.org/linux/man-pages/man2/chroot.2.html)
- Chroot installed on your machine.

## 2. Install MinIO in Chroot

```sh
mkdir -p /mnt/export/${USER}/bin
wget https://dl.min.io/server/minio/release/linux-amd64/minio -O /mnt/export/${USER}/bin/minio

# Verify the list of users and service accounts from the import
./mc admin user list myminio
USER_COUNT=$(./mc admin user list myminio | wc -l)
if [ "${USER_COUNT}" -ne 2 ]; then
	echo "BUG: Expected no of users: 2 Found: ${USER_COUNT}"
	exit 1
fi
./mc admin user svcacct list myminio "uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io" --json

		"reason": fmt.Sprintf("%v", err),
	})
}

type Resp struct {
	User               string                 `json:"user"`
	MaxValiditySeconds int                    `json:"maxValiditySeconds"`
	Claims             map[string]interface{} `json:"claims"`
}

var tokens map[string]Resp = map[string]Resp{
	"aaa": {
		User:               "Alice",
		MaxValiditySeconds: 3600,
		Claims: map[string]interface{}{

		return
	}

	var targetAccount string

	// If listing is requested for a specific user (who is not the request
	// sender), check that the user has permissions.
	user := r.Form.Get("user")
	if user != "" && user != cred.AccessKey {
		if !globalIAMSys.IsAllowed(policy.Args{
			AccountName:     cred.AccessKey,
			Groups:          cred.Groups,

    /**
     * The attributes map for the user.
     */
    public Map<String, String> attributes = new HashMap<>();

    /**
     * The roles assigned to the user.
     */
    public String[] roles;

    /**
     * The groups assigned to the user.
     */
    public String[] groups;

    /**
     * Initializes the form with default values for creating a new user.
     */
    public void initialize() {

        NtlmPasswordAuthenticator startAuth = new NtlmPasswordAuthenticator("domain", "user", new String(diffAtStart));
        NtlmPasswordAuthenticator middleAuth = new NtlmPasswordAuthenticator("domain", "user", new String(diffAtMiddle));
        NtlmPasswordAuthenticator endAuth = new NtlmPasswordAuthenticator("domain", "user", new String(diffAtEnd));

        try {

if [ "${val}" != "val1" ]; then
	echo "expected bucket tag to have replicated, exiting..."
	exit_1
fi
# Create user with policy consoleAdmin on minio1
./mc admin user add minio1 foobarx foobar123
if [ $? -ne 0 ]; then
	echo "adding user failed, exiting.."
	exit_1
fi
./mc admin policy attach minio1 consoleAdmin --user=foobarx
if [ $? -ne 0 ]; then
	echo "adding policy mapping failed, exiting.."
	exit_1
fi
sleep 10

     * @param user The Azure AD user to update.
     */
    public void updateMemberOf(final AzureAdUser user) {
        final List<String> groupList = new ArrayList<>();
        final List<String> roleList = new ArrayList<>();
        groupList.addAll(getDefaultGroupList());
        roleList.addAll(getDefaultRoleList());

import org.dbflute.optional.OptionalThing;

/**
 * An LDAP user.
 */
public class LdapUser implements FessUser {

    private static final long serialVersionUID = 1L;

    /** The environment for LDAP connection. */
    protected Hashtable<String, String> env;

    /** The name of the user. */
    protected String name;

    /** The permissions of the user. */
    protected String[] permissions = null;

    /**

//
// - inherited from parent - this is the case for AssumeRole API, where the
// parent user is an actual real user with their own (permanent) credentials and
// policy association.
//
// - inherited from "virtual" parent - this is the case for AssumeRoleWithLDAP
// where the parent user is the DN of the actual LDAP user. The parent user
// itself cannot login, but the policy associated with them determines the base