From owner-freebsd-questions  Fri Dec 15 15:20:21 2000
From owner-freebsd-questions@FreeBSD.ORG  Fri Dec 15 15:20:19 2000
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.wlcg.com (mail.wlcg.com [207.226.17.4])
	by hub.freebsd.org (Postfix) with ESMTP id 2B12737B400
	for <freebsd-questions@FreeBSD.ORG>; Fri, 15 Dec 2000 15:20:18 -0800 (PST)
Received: from localhost (rsimmons@localhost)
	by mail.wlcg.com (8.11.1/8.11.1) with ESMTP id eBFNJsc08153;
	Fri, 15 Dec 2000 18:19:54 -0500 (EST)
	(envelope-from rsimmons@wlcg.com)
Date: Fri, 15 Dec 2000 18:19:54 -0500 (EST)
From: Rob Simmons <rsimmons@wlcg.com>
To: Alessandro de Manzano <demanzano@iol.it>
Cc: Peter Brezny <peter@sysadmin-inc.com>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: sandbox clarification.
In-Reply-To: <20001215234751.A305@libero.sunshine.ale>
Message-ID: <Pine.BSF.4.21.0012151815370.92637-100000@mail.wlcg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Oh, one thing I didn't mention about my bind setup, the directory that I
have bind chroot'd in inside of the jail is a separate drive partition
mounted as that directory.  This way, if the chroot'd bind get penetrated,
they won't be able to fill up the drive with garbage, only the partition
that bind is running in. :)

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Fri, 15 Dec 2000, Alessandro de Manzano wrote:

> > Sorry for the confusion, I'll use the more clear terminology (unpriviliged
> > user, jail, chroot) rather than the lame sandbox descriptor in the future.
> 
> thanks for your clarification! :-)
> 
> 
> > if you are running named under an unpriviliged user, is it still a good idea
> > (worth the extra time and headache) to set it up to run in a chrooted
> > environment?
> 
> I guess yes, also if could be a bit "difficult" the first time.
> 
> If that daemon fails and starts crunching your machine, at least does not eat it all :-)
> 
> 
> -- 
> 
> bye!
> 
> Ale
> 
> demanzano@iol.it
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message