Date: Sun, 4 Nov 2001 14:10:43 -0500 (EST)
From: Francisco Reyes
To: FreeBSD Security List
Subject: Chroot or jail?
Message-ID: <20011104140305.C18599-100000@zoraida.natserv.net>

I am trying to see which method would be best for the following.

I have an ID I use to copy data from one machine to another using SSH. I created some passwordless keys for the ID so the synchronization program, unison, could run unattended.

As an additional precaution I wanted to isolate what the ID could see. I was unable to understand the chroot man page and the jail page will take me some time to read so I am going to print it and read it carefully.

Does chroot need to be run as root? If so how does one specify what user it should be?

If I get some good info on chroot I may try to improve the man page since it is a bit short and there doesn't seem to be much on this topic on the archives.

All I believe I will need the ID to be able to see is the directory where the data is, and the synchronization program which I can put on the target directory itself.