From owner-freebsd-security Mon Aug 23 13:44:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131])
	by hub.freebsd.org (Postfix) with ESMTP id 0A33B1514B
	for ; Mon, 23 Aug 1999 13:44:14 -0700 (PDT)
	(envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id WAA11318;
	Mon, 23 Aug 1999 22:42:32 +0200 (CEST)
	(envelope-from phk@critter.freebsd.dk)
To: Deepwell Internet
Cc: freebsd-security@freebsd.org
Subject: Re: IPFW/DNS rules
In-reply-to: Your message of "Mon, 23 Aug 1999 13:19:17 PDT." <4.2.0.58.19990823131756.01edf5d0@mail1.dcomm.net>
Date: Mon, 23 Aug 1999 22:42:32 +0200
Message-ID: <11316.935440952@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

check on a current system:

	man jail

In message <4.2.0.58.19990823131756.01edf5d0@mail1.dcomm.net>, Deepwell Internet writes:
>I'm not familiar with jail as an admin term or a command. Can you tell me
>where I can find more information on this? Is it an admin philosophy or a
>tool?
>
>
>
>
>> >One can also run named in chroot() environment and as non-root user. In
>> >fact, this is exactly what we are doing where I work:
>> >
>> >85-jkb(nautilus)% ssh dns1.corp ps ax | grep named
>> >  106  ??  Ss      0:30.01 syslogd -s -l /var/named/dev/log
>> >27897  ??  Ss   1047:54.55 /var/named/named -u bind -g bind -t /var/named
>>
>>Even better yet: Run it in a jail with its own IP number...
>>
>
>

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
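Added example, not part of the original message and not FreeBSD or BIND code: the setup quoted in the thread runs named with -u/-g/-t and gives syslogd a log socket inside the chroot directory via -l. This Python script audits `ps ax` output for named processes that lack the privilege drop, the chroot, or the matching log socket. The sample input is constructed from the two ps lines in the message, and all function names are hypothetical.

```python
# Constructed sample: the two `ps ax` lines quoted in the message.
SAMPLE_PS = """\
  106  ??  Ss      0:30.01 syslogd -s -l /var/named/dev/log
27897  ??  Ss   1047:54.55 /var/named/named -u bind -g bind -t /var/named
"""

def parse_ps_ax(text):
    """Yield (pid, argv) per `ps ax` line (PID TT STAT TIME COMMAND)."""
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) == 5 and fields[0].isdigit():  # skips the header row
            yield int(fields[0]), fields[4].split()

def flag_values(argv, flag):
    """Return every argument that directly follows `flag` in argv."""
    return [argv[i + 1] for i in range(len(argv) - 1) if argv[i] == flag]

def basename(path):
    return path.rsplit("/", 1)[-1]

def audit_named(ps_text):
    """Return [(pid, finding)] for named processes seen in ps output."""
    procs = [(pid, argv) for pid, argv in parse_ps_ax(ps_text) if argv]
    # Extra log sockets syslogd was asked to open with -l.
    log_sockets = set()
    for _, argv in procs:
        if basename(argv[0]) == "syslogd":
            log_sockets.update(flag_values(argv, "-l"))
    findings = []
    for pid, argv in procs:
        if basename(argv[0]) != "named":
            continue
        users = flag_values(argv, "-u")
        roots = flag_values(argv, "-t")
        if not users or users[0] in ("root", "0"):
            findings.append((pid, "named keeps root (-u missing or root)"))
        if not roots:
            findings.append((pid, "named is not chrooted (-t missing)"))
        elif roots[0].rstrip("/") + "/dev/log" not in log_sockets:
            # A chrooted named cannot reach the host's /dev/log.
            findings.append((pid, "no syslogd -l socket under " + roots[0]))
    return findings

if __name__ == "__main__":
    for pid, msg in audit_named(SAMPLE_PS) or [(0, "no findings")]:
        print(pid, msg)
```

The check only reads command lines, so it confirms what named was asked to do, not that the chroot directory itself is set up safely.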