Date: Thu, 23 Aug 2001 16:45:11 +0300 From: "Igor Melnichuk" <simplyi@skif.net> To: <freebsd-security@FreeBSD.ORG> Subject: Re: jail & security Message-ID: <002901c12bd9$d7ecc300$45e03ac3@skif.net> References: <004401c12bd5$21918d60$3303a8c0@needhams.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > no chances. It's a very pain jail feature (weakness). :( > > I actually disagree. It it possible to limit a users resources within a > jail. You can use login classes in a jail just as you can outside it. See > login.conf(5) > www.designcurve.net/articles/os/freebsd/doc/man/?section=&topic=login.conf 100% true and it works fine. But You can't restrict 'root' in case when You have to delegate this privileges to somebody (to make customization of apache for instance). Such user can always override 'login.conf' so this is not 'perfect' solution. I prefer 'system' control. igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002901c12bd9$d7ecc300$45e03ac3>