Date: Thu, 14 Feb 2002 19:01:21 -0500 From: Chris Faulhaber <jedgar@fxp.org> To: Jim Durham <durham@w2xo.pgh.pa.us> Cc: freebsd-security@freebsd.org Subject: Re: Jail question Message-ID: <20020215000121.GA48563@peitho.fxp.org> In-Reply-To: <Pine.BSF.4.21.0202141430160.25249-100000@w2xo.pgh.pa.us> References: <Pine.BSF.4.21.0202141430160.25249-100000@w2xo.pgh.pa.us>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Thu, Feb 14, 2002 at 02:35:47PM +0000, Jim Durham wrote: > I just recently discovered jail and started reading the > material by phk on how it works. > > Ok, you can have a general over-all supervisory root account and > you can have a root account in each jail. > > Let's say you make a jail for each department in a company. > Suppose you have a situation where you have certain users who > are not capable of system administration, but, they are supervisors > who need to be able to read and modify files in all the jails, but > not modify system config files, etc owned by the jail root account. > > How could you accomplish this? > You can wait until 5.0 is released which has support for filesystem ACLs allowing finer-grained access control for files :) -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: FreeBSD: The Power To Serve iEYEARECAAYFAjxsT9EACgkQObaG4P6BelAsCgCfYOD9bMOXHoqK3p9ryC4KS1Vy pxAAn0VCtU5VRXG0j8IWAllc7aJLTyOa =C3Gr -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020215000121.GA48563>