Re: HEADS UP: named now runs chroot'ed by default

From: Sten Spans <sten_at_blinkenlights.nl>
Date: Wed, 6 Oct 2004 21:50:48 +0200 (CEST)

On Wed, 6 Oct 2004, Tillman Hodgson wrote:

> On Tue, Oct 05, 2004 at 05:11:16PM -0700, Doug Barton wrote:
> > On Thu, 30 Sep 2004, Tillman Hodgson wrote:
> >
> > >How does chroot and NFS interact?
> >
<snip>
>
> I can move away from that model easily enough, I just need to actually
> make a plan to do so. If NFS and chroot are unhappy bedfellows, I'll do
> so :-)
>

The only common nfs vs chroot issue one normally encounters
is chroot interacting with root-squashing.
One can only chroot as root, but root squashing will stop
root from entering secure homedirs. Running setuid before chroot
fixes the squashing, but then you can't chroot anymore.

The easy way out is mode 710 and setgid, chroot, setuid.
Linux has setfsuid for this purpose.

That said, I wouldn't normally run nameservers with nfs personally,
I like them widely distributed which kinda clinches with nfs.

-- 
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
Received on Wed Oct 06 2004 - 17:50:51 UTC
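
The ordering described in the message above (mode 710 directory, then setgid, chroot, setuid), as an added example that is not part of the original post or of any project's code. The function names jail_mode_ok and enter_jail are hypothetical, and the target uid/gid are assumed to be supplied by the caller.

```c
#define _DEFAULT_SOURCE /* glibc: expose chroot() and setgroups() */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 0 if dir belongs to group gid, is group-searchable and closed to "other"
 * (mode 710 satisfies this); -1 with errno set otherwise. */
int jail_mode_ok(const char *dir, gid_t gid)
{
    struct stat st;
    if (stat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_gid != gid ||
        !(st.st_mode & S_IXGRP) || (st.st_mode & S_IRWXO)) {
        errno = EACCES;
        return -1;
    }
    return 0;
}

/* Must be called as uid 0. uid/gid are the unprivileged target (assumed
 * non-zero, caller-supplied). Returns 0, or -1 with errno set. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    /* 1. Group first: with uid 0 squashed by the NFS server, access to
     *    the 710 directory comes from the group's search bit. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0)
        return -1;
    /* 2. Still uid 0 locally, so chroot() is allowed. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return -1;
    /* 3. Drop root last, then confirm it cannot be regained. */
    if (setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) { fprintf(stderr, "usage: %s dir uid gid\n", argv[0]); return 2; }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    if (jail_mode_ok(argv[1], gid) || enter_jail(argv[1], uid, gid)) { perror(argv[1]); return 1; }
    printf("in jail: uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```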
