From owner-freebsd-security Sun Nov 4 11:15:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163]) by hub.freebsd.org (Postfix) with ESMTP id 676A037B405 for ; Sun, 4 Nov 2001 11:15:29 -0800 (PST) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.11.6/8.11.6) with ESMTP id fA4JESq21613; Sun, 4 Nov 2001 20:14:28 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Francisco Reyes Cc: FreeBSD Security List Subject: Re: Chroot or jail? In-Reply-To: Your message of "Sun, 04 Nov 2001 14:10:43 EST." <20011104140305.C18599-100000@zoraida.natserv.net> Date: Sun, 04 Nov 2001 20:14:28 +0100 Message-ID: <21611.1004901268@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <20011104140305.C18599-100000@zoraida.natserv.net>, Francisco Reyes writes: >I am trying to see which method would be best for the following. I have an >ID I use to copy data from one machine to another using SSH. I created >some passwordless keys for the ID so the synchronization program, unison, could run >unatended. > >As an additional precaution I wanted to isolate what the ID could see. I >was unable to understand the chroot man page and the jail page will take >me some time to read so I am going to print it and read it carefully. Both chroot and jail must be run as root. Chroot doesn't hide anything only jail does. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message