Date: Thu, 14 Feb 2002 19:01:21 -0500
From: Chris Faulhaber
To: Jim Durham
Cc: freebsd-security@freebsd.org
Subject: Re: Jail question
Message-ID: <20020215000121.GA48563@peitho.fxp.org>

On Thu, Feb 14, 2002 at 02:35:47PM +0000, Jim Durham wrote:
> I just recently discovered jail and started reading the
> material by phk on how it works.
>
> Ok, you can have a general over-all supervisory root account and
> you can have a root account in each jail.
>
> Let's say you make a jail for each department in a company.
> Suppose you have a situation where you have certain users who
> are not capable of system administration, but, they are supervisors
> who need to be able to read and modify files in all the jails, but
> not modify system config files, etc owned by the jail root account.
>
> How could you accomplish this?
>

You can wait until 5.0 is released which has support for filesystem
ACLs allowing finer-grained access control for files :)

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org