On Aug 16, 2012, at 11:51 AM, Len Conrad wrote:
> I have an ssh user who needs only to search some log files not in his jail.
> The jail is required because I don't want the user seeing the rest of the machine.
> If the dirs were linked to his jail, would that work?

To show a directory from a base-host to a member-jail, I'd recommend using a
nullfs-mount.
Furthermore, you can automate the process in 2 different ways (scoped
differently depending on how you use jails).
You can add jail_{name}_mount_enable=YES to rc.conf(5) which enables the
automatic handling of /etc/fstab.{name} every time you perform a service jail
start|stop|restart {name} (the mount will automatically be mounted and
unmounted on-demand of bringing the jail up-and-down irrespective of the base
host but respective to each jail). You'd load your /etc/fstab.{name} with your
nullfs mounts.
The second way, of course, is to put all your nullfs mounts into /etc/fstab
(proper) but mark them as noauto (if desired) and optionally (if going the
noauto approach) add jail_{name}_exec_prestart=mount dirname and likewise
[optional] jail_{name}_exec_poststop=umount dirname
All depending on how you use jails.
If you'd of course rather prefer all the mounts come up at boot and go from
permanent directories to permanent directories (which you know will never go
away), _and_ you like the idea of not having mounts going up and down with your
jails (perhaps you're fine-tuning your jail's startup), I'd say throw them into
/etc/fstab full-auto and not associate them with the jails. But it's all up to
you.
Hope that helps.
> What I'd really like is something like ftpchroot but for ssh.
Hmmm, does the above approach work better? just exposing one directory to his
jail via nullfs?
> suggestions?
--
Cheers,
Devin
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
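
Added example, not part of the original message: a POSIX sh helper that writes the kind of nullfs line the reply suggests putting in /etc/fstab.{name}, plus a check that flags nullfs entries left writable. The jail name `loguser`, every path, and the choice of the `ro` option (the user only needs to search the logs) are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Jail name "loguser" and all paths are constructed placeholders.
# rc.conf(5) knob named in the message, filled in for this jail:
#   jail_loguser_mount_enable="YES"    # handles /etc/fstab.loguser on start/stop

# Print one fstab(5) line exposing host_dir inside the jail, read-only.
# Usage: nullfs_entry <host_dir> <jail_root> <path_inside_jail>
nullfs_entry() {
    host_dir=$1; jail_root=$2; inside=$3
    for p in "$host_dir" "$jail_root" "$inside"; do
        case "$p" in /*) ;; *) return 1 ;; esac     # absolute paths only
        case "$p" in *..*) return 1 ;; esac         # keep target under jail_root
    done
    printf '%s\t%s%s\tnullfs\tro\t0\t0\n' "$host_dir" "${jail_root%/}" "$inside"
}

# Read fstab text on stdin; print the mount point of every nullfs entry whose
# option list lacks "ro". Prints nothing when all nullfs mounts are read-only.
writable_nullfs() {
    awk '$1 !~ /^#/ && $3 == "nullfs" {
        n = split($4, opt, ","); ro = 0
        for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
        if (!ro) print $2
    }'
}

# Constructed sample content for /etc/fstab.loguser: one read-only log mount,
# one writable mount that the check should flag, one commented-out line.
sample_fstab() {
    nullfs_entry /var/log/app /usr/jails/loguser /var/log/app
    printf '%s\n' '/data/spool /usr/jails/loguser/spool nullfs rw 0 0'
    printf '%s\n' '# /old /usr/jails/loguser/old nullfs rw 0 0'
}

# Stand-alone run: list the writable nullfs mount points in the sample.
sample_fstab | writable_nullfs
```
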