From: Vivek Khera
Date: Thu, 1 Feb 2001 12:40:07 -0500
To: stable@FreeBSD.ORG
Subject: Re: chrooting bind
Message-ID: <14969.40823.370037.847034@onceler.kciLink.com>
References: <14969.39780.805831.185241@onceler.kciLink.com>

>>>>> "GT" == Gordon Tetlow writes:

GT> On Thu, 1 Feb 2001, Vivek Khera wrote:
>> Pretty much the only thing you have to do to run bind in chroot is to
>> set the named_flags="-g bind -u bind" flags in /etc/rc.conf. That's
>> my understanding of it based on the FreeBSD docs.

GT> Correct me if I'm wrong, but this is only a sandbox (run as a different
GT> user) while this person wants to set up a true chroot environment.

Hmmm. I got the impression that it was chrooted from somewhere... I
guess I was wrong. I'll track that down and send a bug report to the
docs team. But in my mind sandbox == chroot.

GT> Personally, I think that the former is adequate as nothing else on the box
GT> is owned by the bind user.

Good 'nuff for government work ;-)
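
The sandbox-versus-chroot distinction discussed in this message, as an added example that is not part of the original post: a shell check that classifies a named_flags value by whether it only switches user (-u) or also requests a chroot. It assumes named's -t <directory> option, which the thread does not mention; the function name and /path/to/chroot are placeholders.

```shell
#!/bin/sh
# Classify a named_flags string as it would appear in /etc/rc.conf.
# Assumptions (not from the thread): -u <user> drops privileges and
# -t <dir> asks named to chroot. The function name is hypothetical.
classify_named_flags() {
    user=""
    chroot_dir=""
    set -f            # no globbing while the flag string is split into words
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -u)   user="${2:-}";       if [ $# -ge 2 ]; then shift; fi ;;
            -u?*) user="${1#-u}" ;;
            -t)   chroot_dir="${2:-}"; if [ $# -ge 2 ]; then shift; fi ;;
            -t?*) chroot_dir="${1#-t}" ;;
            -g)   if [ $# -ge 2 ]; then shift; fi ;;  # skip the group name
        esac
        shift
    done

    unprivileged=no
    case "$user" in
        ""|root|0) ;;                 # still running as root
        *) unprivileged=yes ;;
    esac

    if [ -n "$chroot_dir" ] && [ "$unprivileged" = yes ]; then
        echo "chroot+unprivileged"    # confined filesystem view and non-root
    elif [ "$unprivileged" = yes ]; then
        echo "unprivileged-only"      # the "sandbox" case from the thread
    elif [ -n "$chroot_dir" ]; then
        echo "chroot-as-root"         # weak: root is not contained by chroot
    else
        echo "root-no-confinement"
    fi
}

# Constructed sample values; the first is the setting quoted in the message.
for flags in "-g bind -u bind" "-u bind -g bind -t /path/to/chroot"; do
    printf '%s => %s\n' "$flags" "$(classify_named_flags "$flags")"
done
```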