From owner-freebsd-net Fri Dec 15 13: 8: 3 2000 From owner-freebsd-net@FreeBSD.ORG Fri Dec 15 13:08:01 2000 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id 831D437B400 for ; Fri, 15 Dec 2000 13:08:00 -0800 (PST) Received: from wkst ([209.16.228.146]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id QAA29155 for ; Fri, 15 Dec 2000 16:10:55 -0500 Reply-To: From: "Peter Brezny" To: Subject: named in a sand box. Date: Fri, 15 Dec 2000 16:06:57 -0800 Message-ID: <002d01c066f4$1ba7a980$46010a0a@sysadmininc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have a nomenclature ignorance when it comes to the term sandbox. When someone says, "named runs in a sandbox on my machine." Do they mean a) named runs under an unpriviliged user or b) named runs in a chrooted environment or c) both ? In the /etc/namedb/named.conf it says that freebsd runs bind in a sandbox and refers to the named flags in rc.conf, and when you look at those flags in /etc/defults/named.conf all you see is the -u and -g options for the flags, NOT the -t option for running in a chrooted environemnt. This led me to believe that 'sandbox' means unpriviliged user. But when i posed a related question on -questions, someone told me that sandbox = chrooted environment. I also want to know, if you are running named under an unpriviliged user, is it worth the extra trouble to run it chrooted? Thanks for your help. Peter Brezny SysAdmin Services Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message