Date: Sat, 22 Aug 2015 11:01:54 -0400 From: Brandon Allbery <allbery.b@gmail.com> To: Rainer Duffner <rainer@ultra-secure.de> Cc: Johan Hendriks <joh.hendriks@gmail.com>, freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: SSH Chroot FreeBSD 10.1 and 10.2 Message-ID: <CAKFCL4UYcJYmXLLKxatnRAEQftJ_2bgAbgMdfKiGm-0o6JSGjA@mail.gmail.com> In-Reply-To: <F77B357B-3DD3-40AC-A16F-027FAC9CA136@ultra-secure.de> References: <55D879DA.1070407@gmail.com> <CAKFCL4V=bUiHo4Mtjw67sYRddC6fbodS3koYg5qZkExr6BueRw@mail.gmail.com> <F77B357B-3DD3-40AC-A16F-027FAC9CA136@ultra-secure.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Aug 22, 2015 at 10:54 AM, Rainer Duffner <rainer@ultra-secure.de> wrote: > I found it=E2=80=99s much easier to have actual chroot=E2=80=99ed ssh use= rs once the users > themselves are in an LDAP-directory. > Also, for doing anything useful on that shell, it turned out you need a > some more devices in /dev than the usual chroot (like a chroot=E2=80=99ed= PHP-FPM, > that just needs the dev-set of jail(4)). > And a couple of symlinks. > Yep; chroots are always a pain to deal with. I have seen utilities to manage them, but only for Linux. --=20 brandon s allbery kf8nh sine nomine associate= s allbery.b@gmail.com ballbery@sinenomine.ne= t unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.ne= t
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKFCL4UYcJYmXLLKxatnRAEQftJ_2bgAbgMdfKiGm-0o6JSGjA>