Date:      Wed, 6 Oct 2004 21:50:48 +0200 (CEST)
From:      Sten Spans <sten@blinkenlights.nl>
To:        Tillman Hodgson <tillman@seekingfire.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: HEADS UP: named now runs chroot'ed by default
Message-ID:  <Pine.SOL.4.58-Blink.0410062141451.24963@tea.blinkenlights.nl>
In-Reply-To: <20041006173608.GA58024@seekingfire.com>
References:  <20040928025635.Q5094@ync.qbhto.arg> <200409291951.12610.peter@wemm.org> <43039.193.35.129.161.1096541075.squirrel@webmail.xtaz.net> <20041005170720.M3095@bo.vpnaa.bet> <20041006173608.GA58024@seekingfire.com>

On Wed, 6 Oct 2004, Tillman Hodgson wrote:

> On Tue, Oct 05, 2004 at 05:11:16PM -0700, Doug Barton wrote:
> > On Thu, 30 Sep 2004, Tillman Hodgson wrote:
> >
> > >How does chroot and NFS interact?
> >
<snip>
>
> I can move away from that model easily enough, I just need to actually
> make a plan to do so. If NFS and chroot are unhappy bedfellows, I'll do
> so :-)
>

The only common nfs vs chroot issue one normally encounters
is chroot interacting with root-squashing.
One can only chroot as root, but root squashing will stop
root from entering secure homedirs. Running setuid before chroot
fixes the squashing, but then you can't chroot anymore.

The easy way out is mode 710 and setgid, chroot, setuid.
Linux has setfsuid for this purpose.

That said, I wouldn't normally run nameservers with nfs personally,
I like them widely distributed which kinda clinches with nfs.

-- 
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
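
The ordering described in the message above (directory at mode 710, then setgid, chroot, setuid), as an added example that is not part of the original e-mail. The helper name `enter_jail`, the path and the uid/gid values are hypothetical; the `setgroups` call and the final `setuid(0)` check are additions beyond what the message states.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot() and setgroups() */
#endif
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Step that failed, so the caller can log it; 0 means fully confined. */
enum jail_step { JAIL_OK = 0, JAIL_SETGROUPS, JAIL_SETGID, JAIL_CHROOT,
                 JAIL_CHDIR, JAIL_SETUID, JAIL_STILL_ROOT };

/*
 * enter_jail() is a hypothetical helper. Assumed layout: `dir` lives on a
 * root-squashed NFS export, is mode 710, and its group is `gid`.
 */
static enum jail_step enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* Not in the message: drop supplementary groups inherited from root. */
    if (setgroups(1, &gid) != 0)
        return JAIL_SETGROUPS;
    /* 1. setgid: the group search bit (the 1 in 710) now grants access to
     *    `dir`, even though the server maps our uid 0 to an anonymous uid. */
    if (setgid(gid) != 0)
        return JAIL_SETGID;
    /* 2. chroot: still uid 0 locally, which chroot(2) requires. */
    if (chroot(dir) != 0)
        return JAIL_CHROOT;
    /* Leave no working directory pointing outside the new root. */
    if (chdir("/") != 0)
        return JAIL_CHDIR;
    /* 3. setuid last: root is no longer needed once the chroot is done. */
    if (setuid(uid) != 0)
        return JAIL_SETUID;
    /* Check the drop is permanent: regaining uid 0 must fail. */
    if (uid != 0 && setuid(0) == 0)
        return JAIL_STILL_ROOT;
    return JAIL_OK;
}

int main(void)
{
    /* Constructed sample values: path, uid and gid are placeholders. */
    enum jail_step rc = enter_jail("/nonexistent/jail-example", 53, 53);
    if (rc != JAIL_OK)
        fprintf(stderr, "confinement failed at step %d\n", rc);
    return rc == JAIL_OK ? 0 : 1;
}
```

Returning the failed step lets the daemon refuse to start rather than continue partially confined.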


