Date:      Fri, 30 May 1997 17:09:24 +1000 (EST)
From:      "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To:        Bob Bishop <rb@gid.co.uk>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: Correct way to chroot for shell account users?
Message-ID:  <Pine.BSF.3.91.970530170721.14689r-100000@panda.hilink.com.au>
In-Reply-To: <l03020900afb428738dc8@[194.32.164.2]>


On Fri, 30 May 1997, Bob Bishop wrote:

> At 0:03 +0100 30/5/97, Daniel O'Callaghan wrote:
> >On Thu, 29 May 1997, Bob Bishop wrote:
> >
> >> I'm sure I'm being desperately naive here, but isn't it sufficient for
> >> safety to make chroot(2) a successful no-op unless / is really / (ie the
> >> process isn't chrooted already)?
> >
> >That means that you can't run anon ftp properly in a chrooted file system,
> >because ftpd is not allowed to chroot again.
> 
> Why would you want to do that?

Well, I have virtual machines for my virtual WWW service - http, ftpd and 
telnetd all run chroot()ed.  The customer can access everywhere in their 
virtual machine, and they have an anon ftp area which they can 
administer, but which gets chrooted again if someone logs in as anonymous.

/*  Daniel O'Callaghan                                                     */
/*  HiLink Internet <http://www.hilink.com.au/>        danny@hilink.com.au  */
/*  FreeBSD - works hard, plays hard...                 danny@freebsd.org  */
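
Added example, not part of the original message: a toy C model of the two chroot(2) behaviours discussed in this thread, showing where an anonymous ftp login ends up when ftpd itself already runs inside a customer's chroot. The paths `/vm/cust1` and `/ftp`, the `sim_chroot` function and the policy names are constructed for illustration; the model tracks only the root path and ignores symlinks and permissions.

```c
#include <stdio.h>
#include <string.h>
#define PATH_CAP 256

/* Toy model of a process: only its root directory, as a host-absolute path. */
struct proc { char root[PATH_CAP]; };
enum policy { NESTED, NOOP_IF_CHROOTED };

/* Model of chroot(2): `dir` is an absolute path as seen by the process,
 * i.e. relative to its current root. ".." cannot climb above that root. */
int sim_chroot(struct proc *p, const char *dir, enum policy pol)
{
    char out[PATH_CAP], buf[PATH_CAP];
    size_t base = strcmp(p->root, "/") == 0 ? 0 : strlen(p->root);
    /* Proposal from the thread: succeed as a no-op if already chrooted. */
    if (pol == NOOP_IF_CHROOTED && base != 0)
        return 0;
    if (dir[0] != '/' || strlen(dir) >= sizeof buf)
        return -1;
    memcpy(out, p->root, base);
    out[base] = '\0';
    strcpy(buf, dir);
    for (char *c = strtok(buf, "/"); c != NULL; c = strtok(NULL, "/")) {
        if (strcmp(c, ".") == 0)
            continue;
        if (strcmp(c, "..") == 0) {
            /* Drop one component, but never go above the current root. */
            if (strlen(out) > base)
                *strrchr(out, '/') = '\0';
            continue;
        }
        if (strlen(out) + strlen(c) + 2 > sizeof out)
            return -1;
        strcat(out, "/");
        strcat(out, c);
    }
    strcpy(p->root, out[0] ? out : "/");
    return 0;
}

int main(void)
{
    for (int pol = NESTED; pol <= NOOP_IF_CHROOTED; pol++) {
        struct proc p = { "/" };
        sim_chroot(&p, "/vm/cust1", (enum policy)pol); /* constructed: customer VM */
        sim_chroot(&p, "/ftp", (enum policy)pol);      /* constructed: anon ftp area */
        printf("policy %d: anonymous root = %s\n", pol, p.root);
    }
    return 0;
}
```

With nesting allowed the anonymous session is confined to the ftp area inside the customer's tree; with the no-op policy the second call reports success but the session keeps the customer's whole virtual machine as its root.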



