From owner-freebsd-security  Fri Oct  6  4:17:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id 1B1BD37B66D
	for <freebsd-security@FreeBSD.ORG>; Fri,  6 Oct 2000 04:17:03 -0700 (PDT)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.3) id NAA10286;
	Fri, 6 Oct 2000 13:15:42 +0200 (CEST)
	(envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Kris Kennaway <kris@citusc.usc.edu>
Cc: Bart_van_Leeuwen@doosys.com, "Jacques A. Vidrine" <n@nectar.com>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
References: <OFB0C2480F.3416AB2D-ONC125696F.00437311@intra.doosys.com> <20001006020820.A91130@citusc17.usc.edu>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 06 Oct 2000 13:15:42 +0200
In-Reply-To: Kris Kennaway's message of "Fri, 6 Oct 2000 02:08:21 -0700"
Message-ID: <xzphf6qfcf5.fsf@flood.ping.uio.no>
Lines: 21
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway <kris@citusc.usc.edu> writes:
> Read-only nullfs mounts might be good enough for a relatively few
> number of users (they're working in -current nowadays). It would be
> interesting to try and do this in practice and see if it's usable, and
> if not, why not.

At my previous place of employment, I implemented a system for running
separate virtual hosts' CGI scripts in separate chroot trees (no jail,
this was on 3.x and only moved to 4.x a week or two before I quit). I
had a tree template that included a minimal set of binaries, libraries
and configuration files (resolv.conf, passwd, group etc.). The setup
script (written in Perl) would create hard links between the template
and the user's tree, so very little additional disk space was needed
for each user. If you needed to change something in the template, you
could run the setup script again and it would compare inode numbers
and relink files that had changed. Naturally, none of the shared files
were writable by any of the users.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message