From: swear@attbi.com (Gary W. Swearingen)
To: Ruben de Groot
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Installing additional ports in a jail!
Date: 09 Dec 2002 11:31:46 -0800
In-Reply-To: <20021209092542.GA76303@ei.bzerk.org>
Message-ID: <7vof7vvvj1.f7v@localhost.localdomain>

Ruben de Groot writes:

> I usually follow this procedure (on the host system, not inside the jail):

I know the basic concept of jails, but have never used them and don't understand them well. Please tell me if you think they could be used to solve this "problem" I've always had with installing software:

Most software (ports in this case) requires you to run third-party scripts as root, making it quite easy for those parties to corrupt the root-owned/private parts of your OS. (I tried giving the whole ports system to a special non-root user, but way too many scripts are actually nasty enough as to insist that the user is root.)

Could I have a whole ports system in a jail so that I can run their scripts as root while they cannot cause damage outside the jail? (I'd probably want another ports system for the few ports whose executables I intend to run as root, or maybe copy (or link?) them out of the jail.)

Thanks.