From owner-freebsd-questions Thu Sep 21 0:30:16 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id B631437B43C
	for ; Thu, 21 Sep 2000 00:30:12 -0700 (PDT)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149])
	by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19);
	Thu, 21 Sep 2000 00:29:02 -0700
Received: (from cjc@localhost)
	by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e8L7U4X27265;
	Thu, 21 Sep 2000 00:30:04 -0700 (PDT)
	(envelope-from cjc)
Date: Thu, 21 Sep 2000 00:29:59 -0700
From: "Crist J . Clark"
To: Drew Sanford
Cc: questions@FreeBSD.ORG
Subject: Re: chroot - security alternatives?
Message-ID: <20000921002959.A367@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <39C937E5.F67665C5@planetwe.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <39C937E5.F67665C5@planetwe.com>; from drew@planetwe.com on Wed, Sep 20, 2000 at 05:19:17PM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Sep 20, 2000 at 05:19:17PM -0500, Drew Sanford wrote:
> I have an NFS mounted raid box that I have users' home directories on. I
> want to chroot these users, but they do not ftp into the machine that is
> local to the raid box. As a result, the chroot fails, and login fails
> when a user tries to ftp in. How can I make ../ inaccessible to these
> users other than chroot? Is there a way to chroot drives that are nfs
> mounts? Thanks for any advice on this.

This is a bit confusing. First of all, RAID has nothing to do with any
of this. You just want to have users ftp into a machine that has NFS
mounted home directories, right? That defines the problem. Anything
else is extraneous.

Now, when they ftp into this machine with the NFS home directories,
you say it fails. In what way does it fail?

As for chrooting on an NFS mount, I am not aware of any problems
chrooting on NFS. I just did a quick and not-so-scientific test,

  # mount localhost:/usr/home /mnt
  # chroot /mnt/joeuser /test_prog
  It did not fail.
  #

Where that was the correct output of /usr/home/joeuser/test_prog. This
special case seems to work.
-- 
Crist J. Clark                           cjclark@alum.mit.edu