Edho,

On Sun, May 08, 2011 at 09:15:28AM +0700, Edho P Arief wrote:
> On Sun, May 8, 2011 at 5:31 AM, Jamie Landeg Jones <ja...@bishopston.net> wrote:
> >> All the same, I've sent a PR [1] with some doc patches to make people
> >> more aware of this -- fulfilling my promise of 2+ years ago :S
> >>
> >> Thanks!
> >>
> >> Chris
> >>
> >> [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=156853
> >
> > Um. Some problems here.
> >
> > A jail won't work for not-root users if the jail root directory is chmod 700 - although
> > there is obviously a 'chroot' running within the jail, the jailed user still needs
> > to have read permission from the hosts / -- chmod 700 therefore locks all non-root
> > users out.
> >
>
> It's weird - I don't remember having such problem after setting jails'
> root directory permission to 700. I don't have the system anymore so I
> can't verify it just yet.

It should also be noted here that the jailed root user also has permission
to chmod(1) '/' to anything he or she wants unless you have taken
precaution to not allow that. I would recommend storing your jails two
levels deep into a directory and chmod(1) 700 the first level to prevent
access from the host and from the jailed root user changing the perms.

--
 Regards, (jhell)
 Jason Hellenthal
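
The two-level layout suggested in the reply above, as an added example that is not part of the thread or of any FreeBSD tooling. It assumes the reading "wrapper directory at 0700, jail root one level below it"; the function names, the `www` jail name and the scratch path are hypothetical.

```shell
#!/bin/sh
# Added example: layout and names (make_jail_dirs, jail_wrapper_ok, "www")
# are assumptions, not taken from the thread.

# Create <base>/<name>/root. <name> is the host-only wrapper (0700);
# "root" is the directory that would be given to jail(8) as the jail path.
make_jail_dirs() {
    base=$1; name=$2
    mkdir -p "$base/$name/root" || return 1
    chmod 700 "$base/$name"        # first level: closed to host non-root users
    chmod 755 "$base/$name/root"   # jail '/': readable by jailed non-root users
    printf '%s\n' "$base/$name/root"
}

# Succeed only if the directory above the jail root is exactly mode 0700.
# The jailed root user can chmod the jail root itself, but the parent lies
# outside the jail, so its mode stays under the host's control.
jail_wrapper_ok() {
    jroot=$1
    [ -d "$jroot" ] || return 2
    wrapper=$(dirname "$jroot")
    # find prints the path only when the permission bits equal 700 exactly
    [ -n "$(find "$wrapper" -prune -type d -perm 700)" ]
}

# Constructed demo in a scratch directory (no real jail is started).
demo() {
    scratch=$(mktemp -d) || return 1
    jroot=$(make_jail_dirs "$scratch" www)
    chmod 777 "$jroot"             # what a jailed root could do to its own '/'
    if jail_wrapper_ok "$jroot"; then result=protected; else result=exposed; fi
    rm -rf "$scratch"
    echo "$result"
}

demo
```

The check only looks at permission bits; on a real host the wrapper should also be owned by root, which this sketch does not verify.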