Date: Thu, 16 Aug 2012 12:56:36 -0700
From: Devin Teske <devin.teske@fisglobal.com>
To: <lconrad@Go2France.com>
Cc: Devin Teske <dteske@freebsd.org>, freebsd-questions Questions <freebsd-questions@freebsd.org>
Subject: Re: can a jail have link to outside of the jail?
Message-ID: <81800F08-9149-4457-BA1D-EB07874039E2@fisglobal.com>
In-Reply-To: <201208162051.AA214893042@mail.Go2France.com>
References: <201208162051.AA214893042@mail.Go2France.com>
On Aug 16, 2012, at 11:51 AM, Len Conrad wrote:

> I have an ssh user who needs only to search some log files not in his jail. The jail is required because I don't want the user seeing the rest of the machine. If the dirs were linked to his jail, would that work?

To show a directory from a base-host to a member-jail, I'd recommend using a nullfs-mount.

Furthermore, you can automate the process in 2 different ways (scoped differently depending on how you use jails).

You can add jail_{name}_mount_enable="YES" to rc.conf(5) which enables the automatic handling of /etc/fstab.{name} every time you perform a "service jail start|stop|restart {name}" (the mount will automatically be mounted and unmounted on-demand of bringing the jail up-and-down irrespective of the base host but respective to each jail). You'd load your /etc/fstab.{name} with your nullfs mounts.

The second way is of course to put all your nullfs mounts into /etc/fstab (proper) but mark them as "noauto" (if desired) and optionally (if going the noauto approach) add jail_{name}_exec_prestart="mount dirname" and likewise [optional] jail_{name}_exec_poststop="umount dirname"

All depending on how you use jails.

If you'd of course rather prefer all the mounts come up at boot and go from permanent directories to permanent directories (which you know will never go away), _and_ you like the idea of not having mounts going up and down with your jails (perhaps you're fine-tuning your jail's startup), I'd say throw them into /etc/fstab full-auto and not associate them with the jails. But it's all up to you.

Hope that helps.

> What I'd really like is something like ftpchroot but for ssh.

Hmmm, does the above approach work better? Just exposing one directory to his jail via nullfs?

> suggestions?

-- 
Cheers,
Devin
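
[Added example, not part of the original message.] The first approach described above (jail_{name}_mount_enable plus /etc/fstab.{name}), written out for the log-search case. The jail name "logview", the jail root /usr/jails/logview and the host log directory /var/log/myapp are assumptions chosen for illustration; the read-only option is an addition here, since the user only needs to search the files.

```conf
# ---- /etc/rc.conf on the base host ----
# Enables handling of /etc/fstab.logview whenever the jail is started
# or stopped with "service jail start|stop|restart logview".
# "logview" is a hypothetical jail name.
jail_logview_mount_enable="YES"

# ---- /etc/fstab.logview on the base host ----
# Both paths are as seen from the base host. The mountpoint must already
# exist as an empty directory under the jail's root (assumed here to be
# /usr/jails/logview).
#
# "ro" makes the nullfs mount read-only, so the jailed user can search
# the logs but cannot modify, truncate or delete them on the host.
# Only the one log directory is exposed, not its parent.
#
# Device (host dir)   Mountpoint (under jail root)        FStype  Options  Dump  Pass#
/var/log/myapp        /usr/jails/logview/var/log/myapp    nullfs  ro       0     0
```

File permissions on the host directory still apply inside the jail, so the jailed account's uid/gid needs read access to the log files.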