Date: Thu, 10 Dec 2015 15:02:24 +0000 From: Steve O'Hara-Smith <steve@sohara.org> To: Michael Firnau <mfi@tf.uni-kiel.de> Cc: Aleksandr Miroslav <alexmiroslav@gmail.com>, freebsd-questions@freebsd.org Subject: Re: best practice for locking down private jail? Message-ID: <20151210150224.18d842126bf67bb0b07dcdf6@sohara.org> In-Reply-To: <20151210144007.GA23555@fanty-a.tf.uni-kiel.de> References: <CACcSE1yQO8AjW9rpY%2Bd2p1-ArPbO4qKV0zcaCMyRhYEWLOpQGA@mail.gmail.com> <20151203073923.17dae0c41a2b5e29a5b3a3dd@sohara.org> <CACcSE1zhMLnbo%2BbOixOM_ZLBpP%2BszbmzfFH_12v36ezy34fs9g@mail.gmail.com> <20151210144007.GA23555@fanty-a.tf.uni-kiel.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 10 Dec 2015 15:40:08 +0100 Michael Firnau <mfi@tf.uni-kiel.de> wrote: > On Thu, Dec 03, 2015 at 06:45:16PM -0800, Aleksandr Miroslav wrote: > > On Wed, Dec 2, 2015 at 11:39 PM, Steve O'Hara-Smith <steve@sohara.org> > > wrote: > > > I would set up two jails - one as the upload jail the other the web > > > server and use a cron job on the host to move verified mp3 files > > > > Excellent advice, I will do just that. > > I think the cron job isn't needed. Create a directory outside the jails > and mount it as nullfs and 'rw' into the upload jail and 'ro' into the > web server jail. We do this on a zfs basis. That works of course, but loses the opportunity to verify the files before putting them online. -- Steve O'Hara-Smith <steve@sohara.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151210150224.18d842126bf67bb0b07dcdf6>