From owner-freebsd-questions Fri Dec 15 13:17:18 2000
From: "Peter Brezny"
Subject: sandbox clarification.
Date: Fri, 15 Dec 2000 16:16:20 -0800
Message-ID: <003001c066f5$6b4860a0$46010a0a@sysadmininc.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

I recently posted a question about running named in a sandbox vs in a chrooted environment. The named.conf sample that came with my 4.2-stable install contains wording that leads one to believe a 'sandbox' is equivalent to running named as an unprivileged user, since it claims that named runs in a sandbox by default and asks you to see the named_flags in rc.conf (defaults, we are left to assume), where again there are some commented-out lines that enable running named as an unprivileged user. man security also refers to these commented-out lines as where you enable running named in a sandbox.

However, the named flag -t is not in the named.conf example provided. This is what led me to believe 'sandbox' = unprivileged user, not chrooted or jailed environment.

Sorry for the confusion, I'll use the more clear terminology (unprivileged user, jail, chroot) rather than the lame sandbox descriptor in the future.

NOW, if you are running named under an unprivileged user, is it still a good idea (worth the extra time and headache) to set it up to run in a chrooted environment?

TIA encore

Peter Brezny
SysAdmin Services Inc.