From owner-freebsd-security  Thu Feb 14  6:35:52 2002
Delivered-To: freebsd-security@freebsd.org
Received: from w2xo.pgh.pa.us (18.gibs5.xdsl.nauticom.net [209.195.184.19])
	by hub.freebsd.org (Postfix) with ESMTP id 4C5FF37B400
	for <freebsd-security@freebsd.org>; Thu, 14 Feb 2002 06:35:48 -0800 (PST)
Received: from localhost (localhost.pgh.pa.us [127.0.0.1])
	by w2xo.pgh.pa.us (8.11.6/8.11.3) with ESMTP id g1EEZll25280
	for <freebsd-security@freebsd.org>; Thu, 14 Feb 2002 14:35:47 GMT
	(envelope-from durham@w2xo.pgh.pa.us)
Date: Thu, 14 Feb 2002 14:35:47 +0000 (GMT)
From: Jim Durham <durham@w2xo.pgh.pa.us>
To: freebsd-security@freebsd.org
Subject: Jail question
Message-ID: <Pine.BSF.4.21.0202141430160.25249-100000@w2xo.pgh.pa.us>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I just recently discovered jail and started reading the
material by phk on how it works.

Ok, you can have a general over-all supervisory root account and
you can have a root account in each jail.

Let's say you make a jail for each department in a company.
Suppose you have a situation where you have certain users who
are not capable of system administration, but, they are supervisors
who need to be able to read and modify files in all the jails, but
not modify system config files, etc owned by the jail root account.

How could you accomplish this?

Jim Durham



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message