Securely sharing directories between jails
Stas Verberkt
legolas at legolasweb.nl
Wed Feb 1 07:30:18 UTC 2012
L.S.,
I want to set up my system in a way where applications are clustered
over jails, e.g. a httpd, smbd and dbmsd jail. However, in most cases I
need to share data over the jails, which is stored on the host.
Often, nullfs and mounting ro is suitable, but I need write access in
some cases. As nullfs rw over multiple jails can be considered insecure,
I was wondering what would be a secure way.
The only thing I could come up with was having both a NFS server and
client running on the host and mounting such that all access is mapped
to an account with less privileges. However, it seems like a waste to
NFS with yourself. Thus, are there any better ways to achieve this?
(I also thought of using nosuid flags, but I'm not sure if this is
enough.)
Kind regards,
Stas Verberkt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 891 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20120201/ca64248e/attachment.pgp
More information about the freebsd-questions
mailing list