Date: Fri, 15 Dec 2000 16:58:12 -0500 (EST)
From: Rob Simmons <rsimmons@wlcg.com>
To: Peter Brezny <peter@sysadmin-inc.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: sandbox clarification.
Message-ID: <Pine.BSF.4.21.0012151655510.92637-100000@mail.wlcg.com>
In-Reply-To: <003001c066f5$6b4860a0$46010a0a@sysadmininc.com>

It can be a bit confusing the first time you set up a chroot'd or jail'd environment, but it is definitely worth it. I actually have bind running as an unprivileged user in a chroot'd environment, which is in turn inside of a jail'd vm. :) Bind is a historically rootable daemon.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Fri, 15 Dec 2000, Peter Brezny wrote:

> I recently posted a question about running named in a sandbox vs in a
> chrooted environment.
>
> The named.conf sample that came with my 4.2-stable install contains wording
> that leads one to believe a 'sandbox' is equivalent to running named as an
> unprivileged user, since it claims that named runs in a sandbox by default
> and asks you to see the named_flags in rc.conf (defaults we are left to
> assume) where again there are some commented out lines that enable running
> named as an unprivileged user. man security also refers to these commented
> out lines as where you enable running named in a sandbox. However, the
> named flag -t is not in the named.conf example provided.
>
> This is what led me to believe 'sandbox' = unprivileged user, not chrooted
> or jailed environment.
>
> Sorry for the confusion, I'll use the more clear terminology (unprivileged
> user, jail, chroot) rather than the lame sandbox descriptor in the future.
>
> NOW,
>
> if you are running named under an unprivileged user, is it still a good idea
> (worth the extra time and headache) to set it up to run in a chrooted
> environment?
>
> TIA encore
>
> Peter Brezny
> SysAdmin Services Inc.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0012151655510.92637-100000>