Date: Thu, 22 Aug 2024 19:07:05 +0000 (UTC) From: doug <doug@safeport.com> To: Andrea Venturoli <ml@netfence.it> Cc: freebsd-questions@freebsd.org Subject: Re: security.bsd.see_other_uids/gids and jails Message-ID: <61ed9412-563-a5f-a3c0-66ff23cb5ac4@safeport.com> In-Reply-To: <902826c1-fc50-48aa-867d-8010b5814df2@netfence.it> References: <902826c1-fc50-48aa-867d-8010b5814df2@netfence.it>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Aug 2024, Andrea Venturoli wrote: > Hello. > > Is there any way to set security.bsd.see_other_uids and > security.bsd.see_other_gids per jail? > > I'd like to keep them to 0 for better security, but I've got a couple of > software that requires one or the other. > Since those software are in their own jail, is it possible to disable them > globally, but allow them only in those jail? > > Guess the answer is no :(, but I thought I'd ask... > > bye & Thanks > av. > > The rules of the road here are: make an effort to answer the question, which I doing anyway: echo 'security.bsd.see_other_uids=0' >> /etc/sysctl.conf echo 'security.bsd.see_other_gids=0' >> /etc/sysctl.conf This assume you installed FreeBSD. During installation you are asked if you want to do this.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?61ed9412-563-a5f-a3c0-66ff23cb5ac4>