[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] rsync files
From: |
Olivier Sessink |
Subject: |
Re: [Jailkit-users] rsync files |
Date: |
Thu, 05 Jan 2006 10:37:06 +0100 |
User-agent: |
Debian Thunderbird 1.0.7 (X11/20051017) |
Bas Jansen wrote:
> No it's quite different (if you meant the first version), on the server
> sides you now have a read only mount (bind in the 1 i spread out, might
> switch to loopback to save on disk space) that only contains the setuid
> rooted rsync, the libraries and the etc user file (for just that jail
> user). Then there is a no-dev, no-suid, no-exec writeable mount mounted
> under that other mount as /data where the stuff is actually written.
>
> This means that you can't read device files from the backup, can't
> modify any files that are used in the jail itself since they are
> read-only.
>
> Hope that explains a bit? ... i should draw a simple model of it some
> time to make it easily visible i guess :P
or we could describe this setup as a jailkit howto..?
"Howto jail setuid processes" or "Howto safely jail a setuid root rsync"
regards,
Olivier
Re: [Jailkit-users] chrootsh login problem, Olivier Sessink, 2006/01/04