Date: Sat, 16 Dec 2000 01:37:09 +0300 (MSK)
From: Maxim Konovalov
To: Peter Brezny
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: named in a sand box.
In-Reply-To: <002d01c066f4$1ba7a980$46010a0a@sysadmininc.com>

Hello,

On Fri, 15 Dec 2000, Peter Brezny wrote:

> I have a nomenclature ignorance when it comes to the term sandbox.
>
> When someone says, "named runs in a sandbox on my machine."
>
> Do they mean
>
> a) named runs under an unprivileged user
> or
> b) named runs in a chrooted environment
> or
> c) both
>
> ?

*I* mean "both".

http://www.psionic.com/papers/dns/dns-openbsd/

HTH

> In the /etc/namedb/named.conf it says that freebsd runs bind in a sandbox
> and refers to the named flags in rc.conf, and when you look at those flags
> in /etc/defaults/named.conf all you see is the -u and -g options for the
> flags, NOT the -t option for running in a chrooted environment.
>
> This led me to believe that 'sandbox' means unprivileged user. But when I
> posed a related question on -questions, someone told me that sandbox =
> chrooted environment.
>
> I also want to know, if you are running named under an unprivileged user, is
> it worth the extra trouble to run it chrooted?
>
> Thanks for your help.
>
> Peter Brezny
> SysAdmin Services Inc.

--
maxim

--
Maxim Konovalov, MAcomnet, Internet-Intranet Dept., system engineer
phone: +7 (095) 796-9079, mailto: maxim@macomnet.ru