Re: can a jail have link to outside of the jail?

2012-08-16 Thread Jeff Tipton

On 08/16/2012 21:51, Len Conrad wrote:

> I have an ssh user who needs only to search some log files not in his jail. The 
> jail is required because I don't want the user seeing the rest of the machine.  If 
> the dirs were linked to his jail, would that work?
>
> What I'd really like is something like ftpchroot but for ssh.
>
> suggestions?
>
> Len


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
It's not clear from what you are writing whether you mean JAIL(8) (a 
secure, virtual FreeBSD OS on top of host OS) or chrooted directories. 
Anyway, ssh can be set up very easily to have some chrooted sftp users. 
Read this:


https://calomel.org/sftp_chroot.html

You will probably have to think about where to place the log directory 
if it's important to have no other logs in it.


-Jeff


Re: can a jail have link to outside of the jail?

2012-08-16 Thread Devin Teske

On Aug 16, 2012, at 11:51 AM, Len Conrad wrote:

 
> I have an ssh user who needs only to search some log files not in his jail. 
> The jail is required because I don't want the user seeing the rest of the machine.  
> If the dirs were linked to his jail, would that work? 
 

To show a directory from a base-host to a member-jail, I'd recommend using a 
nullfs-mount.

Furthermore, you can automate the process in 2 different ways (scoped 
differently depending on how you use jails).

You can add jail_{name}_mount_enable=YES to rc.conf(5) which enables the 
automatic handling of /etc/fstab.{name} every time you perform a service jail 
start|stop|restart {name} (the mount will automatically be mounted and 
unmounted on-demand of bringing the jail up-and-down irrespective of the base 
host but respective to each jail). You'd load your /etc/fstab.{name} with your 
nullfs mounts.

The second way is of course to put all your nullfs mounts into /etc/fstab 
(proper) but mark them as noauto (if desired) and optionally (if going the 
noauto approach) add jail_{name}_exec_prestart=mount dirname and likewise 
[optional] jail_{name}_exec_poststop=umount dirname

All depending on how you use jails.

If you'd of course rather prefer all the mounts come up at boot and go from 
permanent directories to permanent directories (which you know will never go 
away), _and_ you like the idea of not having mounts going up and down with your 
jails (perhaps you're fine-tuning your jail's startup), I'd say throw them into 
/etc/fstab full-auto and not associate them with the jails. But it's all up to 
you.

Hope that helps.


> What I'd really like is something like ftpchroot but for ssh.
 

Hmmm, does the above approach work better? just exposing one directory to his 
jail via nullfs?


> suggestions?
 

-- 
Cheers,
Devin
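
Added example, not part of the original thread or Devin's message: a small sh helper that emits the /etc/fstab.{name} line for the nullfs approach described above and rejects paths that would widen what the jail can see. The jail name "logview", the jail root /usr/jails/logview, the log directory /var/log/myapp and the read-only (ro) mount option are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). All paths and names are constructed.

# nullfs_fstab_line JAILROOT SRC_DIR
# Prints one fstab(5) line that mounts SRC_DIR read-only at the same path
# inside JAILROOT. Returns 1 and prints nothing on stdout for unsafe input.
nullfs_fstab_line() {
    jailroot=${1%/}   # strip one trailing slash; "/" becomes empty and is rejected
    src=${2%/}
    tab=$(printf '\t')
    # Both paths must be absolute.
    case $jailroot in /*) ;; *) echo "jail root must be absolute" >&2; return 1;; esac
    case $src in /*) ;; *) echo "source must be absolute" >&2; return 1;; esac
    # Reject ".." components and whitespace (fstab fields are whitespace-separated).
    case "$jailroot$src" in
        */../*|*/..|*" "*|*"$tab"*) echo "unsafe path" >&2; return 1;;
    esac
    # Never expose a directory that is, or contains, the jail itself.
    case $jailroot/ in "$src"/*) echo "source contains the jail" >&2; return 1;; esac
    # ro: the user only searches the logs, so the jail gets no write access.
    printf '%s\t%s\tnullfs\tro\t0\t0\n' "$src" "$jailroot$src"
}

# Usage with the constructed values: append the printed line to
# /etc/fstab.logview, create the mount point inside the jail first, and set
#   jail_logview_mount_enable="YES"
# in rc.conf(5) so the mount follows the jail up and down.
nullfs_fstab_line /usr/jails/logview /var/log/myapp
```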



Re: can a jail have link to outside of the jail?

2012-08-16 Thread Christer Solskogen
On Thu, Aug 16, 2012 at 8:51 PM, Len Conrad lcon...@go2france.com wrote:

> I have an ssh user who needs only to search some log files not in his jail. 
> The jail is required because I don't want the user seeing the rest of the machine.  
> If the dirs were linked to his jail, would that work?


man mount_nullfs(8)

-- 
chs,


Re: can a jail have link to outside of the jail?

2012-08-16 Thread Wojciech Puchar


> I have an ssh user who needs only to search some log files not in his jail. The 
> jail is required because I don't want the user seeing the rest of the machine.  If 
> the dirs were linked to his jail, would that work?

man mount_nullfs