Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 16 Aug 2012 12:56:36 -0700
From:      Devin Teske <devin.teske@fisglobal.com>
To:        <lconrad@Go2France.com>
Cc:        Devin Teske <dteske@freebsd.org>, freebsd-questions Questions <freebsd-questions@freebsd.org>
Subject:   Re: can a jail have link to outside of the jail?
Message-ID:  <81800F08-9149-4457-BA1D-EB07874039E2@fisglobal.com>
In-Reply-To: <201208162051.AA214893042@mail.Go2France.com>
References:  <201208162051.AA214893042@mail.Go2France.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On Aug 16, 2012, at 11:51 AM, Len Conrad wrote:

>=20
> I have an ssh user who needs only to search some log files not in his jai=
l. The jail required because I don't want the user seeing the rest the mach=
ine.  If the dirs were linked to his jail, would that work?=20
>=20

To show a directory from a base-host to a member-jail, I'd recommend using =
a nullfs-mount.

Furthermore, you can automate the process in 2 different ways (scoped diffe=
rently depending on how you use jails).

You can add jail_{name}_mount_enable=3D"YES" to rc.conf(5) which enables th=
e automatic handling of /etc/fstab.{name} every time you perform a "service=
 jail start|stop|restart {name}" (the mount will automatically be mounted a=
nd unmounted on-demand of bringing the jail up-and-down irrespective of the=
 base host but respective to each jail). You'd load you /etc/fstab.{name} w=
ith your nullfs mounts.

The second way is of course is to put all your nullfs mounts into /etc/fsta=
b (proper) but mark them as "noauto" (if desired) and optionally (if going =
the noauto approach) add jail_{name}_exec_prestart=3D"mount dirname" and li=
kewise [optional] jail_{name}_exec_poststop=3D"umount dirname"

All depending on how you use jails.

If you'd of course rather prefer all the mounts come up at boot and go from=
 permanent directories to permanent directories (which you know will never =
go away), _and_ you like the idea of not having mounts going up and down wi=
th your jails (perhaps you're fine-tuning your jail's startup), I'd say thr=
ow them into /etc/fstab full-auto and not associate them with the jails. Bu=
t it's all up to you.

Hope that helps.


> What I'd really like is something like ftpchroot for but ssh.
>=20

Hmmm, does the above approach work better? just exposing one directory to h=
is jail via nullfs?


> suggestions?
>=20

--=20
Cheers,
Devin

_____________
The information contained in this message is proprietary and/or confidentia=
l. If you are not the intended recipient, please: (i) delete the message an=
d all copies; (ii) do not disclose, distribute or use the message in any ma=
nner; and (iii) notify the sender immediately. In addition, please be aware=
 that any message addressed to our domain is subject to archiving and revie=
w by persons other than the intended recipient. Thank you.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?81800F08-9149-4457-BA1D-EB07874039E2>