Date: Fri, 15 Dec 2000 16:16:20 -0800
From: "Peter Brezny" <peter@sysadmin-inc.com>
To: <freebsd-questions@freebsd.org>
Subject: sandbox clarification.
Message-ID: <003001c066f5$6b4860a0$46010a0a@sysadmininc.com>

I recently posted a question about running named in a sandbox vs in a chrooted environment.

The named.conf sample that came with my 4.2-stable install contains wording that leads one to believe a 'sandbox' is equivalent to running named as an unprivileged user, since it claims that named runs in a sandbox by default and asks you to see the named_flags in rc.conf (defaults, we are left to assume), where again there are some commented-out lines that enable running named as an unprivileged user. man security also refers to these commented-out lines as where you enable running named in a sandbox.

However, the named flag -t is not in the named.conf example provided. This is what led me to believe 'sandbox' = unprivileged user, not chrooted or jailed environment.

Sorry for the confusion, I'll use the more clear terminology (unprivileged user, jail, chroot) rather than the lame sandbox descriptor in the future.

NOW, if you are running named under an unprivileged user, is it still a good idea (worth the extra time and headache) to set it up to run in a chrooted environment?

TIA encore

Peter Brezny
SysAdmin Services Inc.