Date: Thu, 14 Feb 2002 22:54:08 -0500 From: Jim Durham <durham@jcdurham.com> To: "Crist J. Clark" <cjc@FreeBSD.ORG>, Jim Durham <durham@w2xo.pgh.pa.us> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Jail question Message-ID: <200202150354.g1F3sEl61611@w2xo.pgh.pa.us> In-Reply-To: <20020214155838.E36782@blossom.cjclark.org> References: <Pine.BSF.4.21.0202141430160.25249-100000@w2xo.pgh.pa.us> <20020214155838.E36782@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 14 February 2002 06:58 pm, Crist J. Clark wrote: > On Thu, Feb 14, 2002 at 02:35:47PM +0000, Jim Durham wrote: > > I just recently discovered jail and started reading the > > material by phk on how it works. > > > > Ok, you can have a general over-all supervisory root account and > > you can have a root account in each jail. > > > > Let's say you make a jail for each department in a company. > > Suppose you have a situation where you have certain users who > > are not capable of system administration, but, they are supervisors > > who need to be able to read and modify files in all the jails, but > > not modify system config files, etc owned by the jail root account. > > > > How could you accomplish this? > > That's not what jail(8)s are really for. I think you just need to look > at group(5) ownership of files. Already doing that.On Thursday 14 February 2002 06:58 pm, Crist J. Clark wrote: > On Thu, Feb 14, 2002 at 02:35:47PM +0000, Jim Durham wrote: > > I just recently discovered jail and started reading the > > material by phk on how it works. > > > > Ok, you can have a general over-all supervisory root account and > > you can have a root account in each jail. > > > > Let's say you make a jail for each department in a company. > > Suppose you have a situation where you have certain users who > > are not capable of system administration, but, they are supervisors > > who need to be able to read and modify files in all the jails, but > > not modify system config files, etc owned by the jail root account. > > > > How could you accomplish this? > > That's not what jail(8)s are really for. I think you just need to look > at group(5) ownership of files. Already doing that. It's not really flexible enough but I live with it. Thanks -Jim The jail idea was just a To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202150354.g1F3sEl61611>