Date: Wed, 1 Feb 2012 08:30:31 +0100 From: Stas Verberkt <legolas@legolasweb.nl> To: freebsd-questions@freebsd.org Subject: Securely sharing directories between jails Message-ID: <20120201073031.GA1678@homey.local>
next in thread | raw e-mail | index | archive | help
--G4iJoqBmSsgzjUCe Content-Type: text/plain; charset=us-ascii Content-Disposition: inline L.S., I want to set up my system in a way where applications are clustered over jails, e.g. a httpd, smbd and dbmsd jail. However, in most cases I need to share data over the jails, which is stored on the host. Often, nullfs and mounting ro is suitable, but I need write access in some cases. As nullfs rw over multiple jails can be considered insecure, I was wondering what would be a secure way. The only thing I could come up with was having both a NFS server and client running on the host and mounting such that all access is mapped to an account with less privileges. However, it seems like a waste to NFS with yourself. Thus, are there any better ways to achieve this? (I also thought of using nosuid flags, but I'm not sure if this is enough.) Kind regards, Stas Verberkt --G4iJoqBmSsgzjUCe Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQJFBAEBCAAvBQJPKOoXKBpodHRwOi8vc3Rhcy52ZXJiZXJrdC5uZXQvcGdwL3Bv bGljeS50eHQACgkQaH4c59IqtYgQBg//Y6k1BjX5FRMbvcD77w8X1F+jvWgTCv5d dR294rKrj3iTl7a5zhOxfFajVb6C4vxwqMB0X/wpdpkjfud6tO/zr/x4yh2YYh+I a+94oTNgyIiyX3WVzLwH9z+gynkAVjrMnUrthAl9KefemNixEtPRqvNmmIPheE8Y r1a0daaeY/DWxjzVJwQbZ7Oq4aXjLcMp1BE5Ijr1bnE9OBCjOtAzKaFPNrki6Ac9 ekXCyasrzEMaqCyYccOZVrWvqgo0SYjYGC+c9fK4mQ2TGZMnQo5FHJbGx+vCFCiy j0hFb+gac2iFHsZOMrYP9c61BhSN5KlrBbPZKfsUEP5sbw4UPXm4Yr2nQuw1RCdj gU4OPdzSuI/a9GDbCOshvU+mXIX+WvrMr3W3exLF1gm9/+P37R9mTJV/N2jrvFwK p0Be3P4toUqy3/DHQL7h1YjKamcU0NZTlt7DE/Z/g/r2UUYF+1G2LlIV56mIl/U4 Z4v6fdcZr9a1kkNZmmn4t1w+WNkfn78C5eRc6zRHby1kJOnDF8Hl9lu5k4TD8Tlq UV+NCKxV/gwcQalkS1bXjQsDfzB7nN+1t28WYd0IP32kc17BfkTbUdLysTj4bcAY 2/eDBEUQHTEoz1z71EQnOXvBAC83hWD5XFCNSPUMbrMCGNQ8B6lmbT4v9Q6tMiOc XzTIgeNHoPY= =BjRO -----END PGP SIGNATURE----- --G4iJoqBmSsgzjUCe--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120201073031.GA1678>