From owner-freebsd-isp Tue Oct 2 4: 9:36 2001 Delivered-To: freebsd-isp@freebsd.org Received: from relay2.agava.net.ru (ofc.agava.net [213.59.3.194]) by hub.freebsd.org (Postfix) with ESMTP id C2BDD37B403 for ; Tue, 2 Oct 2001 04:09:31 -0700 (PDT) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by relay2.agava.net.ru (Postfix) with ESMTP id 59A8A43654; Tue, 2 Oct 2001 15:03:52 +0400 (MSD) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id 6286CCCC9; Tue, 2 Oct 2001 15:09:33 +0400 (MSD) Date: Tue, 2 Oct 2001 15:09:33 +0400 (MSD) From: Alexey Zakirov X-X-Sender: To: Roman Korolyov Cc: Subject: Re: jail + quota In-Reply-To: <20011002100821.7C8F417D06@mail.inetcomm.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, 2 Oct 2001, Roman Korolyov wrote: > > The third problem is that all your accounts and groups must be unique > > across the whole machine. > > And what about root in every jail with uid/gid eq 0 ? > How do you limit them? In every jail you can create special group for root account and limit that group instead of uid 0. > Pity, but I can't see other solution other than using different partitions > (real or vn) for each jail. jail probably can't resists against DoS from the root account. *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message