Date:      Sat, 16 Dec 2000 01:37:09 +0300 (MSK)
From:      Maxim Konovalov <maxim@macomnet.ru>
To:        Peter Brezny <peter@sysadmin-inc.com>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: named in a sand box.
Message-ID:  <Pine.BSF.4.21.0012160135030.29880-100000@news1.macomnet.ru>
In-Reply-To: <002d01c066f4$1ba7a980$46010a0a@sysadmininc.com>


Hello,

On Fri, 15 Dec 2000, Peter Brezny wrote:

> I have a nomenclature ignorance when it comes to the term sandbox.
> 
> When someone says, "named runs in a sandbox on my machine."
> 
> Do they mean
> 
> a) named runs under an unprivileged user
> or
> b) named runs in a chrooted environment
> or
> c) both
> 
> ?

*I* mean "both".

http://www.psionic.com/papers/dns/dns-openbsd/

HTH

> In the /etc/namedb/named.conf it says that FreeBSD runs bind in a sandbox
> and refers to the named flags in rc.conf, and when you look at those flags
> in /etc/defaults/named.conf all you see is the -u and -g options for the
> flags, NOT the -t option for running in a chrooted environment.
> 
> This led me to believe that 'sandbox' means unprivileged user.  But when I
> posed a related question on -questions, someone told me that sandbox =
> chrooted environment.
> 
> I also want to know, if you are running named under an unprivileged user, is
> it worth the extra trouble to run it chrooted?
> 
> Thanks for your help.
> 
> Peter Brezny
> SysAdmin Services Inc.

- - maxim

-- 
Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer
phone: +7 (095) 796-9079, mailto: maxim@macomnet.ru


