HEADS UP: named now runs chroot'ed by default

Sten Spans sten at blinkenlights.nl
Wed Oct 6 12:50:51 PDT 2004

On Wed, 6 Oct 2004, Tillman Hodgson wrote:

> On Tue, Oct 05, 2004 at 05:11:16PM -0700, Doug Barton wrote:
> > On Thu, 30 Sep 2004, Tillman Hodgson wrote:
> >
> > >How does chroot and NFS interact?
> >
> I can move away from that model easily enough, I just need to actually
> make a plan to do so. If NFS and chroot are unhappy bedfellows, I'll do
> so :-)

The only common NFS vs chroot issue one normally encounters
is chroot interacting with root-squashing.
One can only chroot as root, but root squashing will stop
root from entering secure homedirs. Running setuid before chroot
fixes the squashing, but then you can't chroot anymore.

The easy way out is mode 710 and setgid, chroot, setuid.
Linux has setfsuid for this purpose.

That said, I wouldn't normally run nameservers with NFS personally,
I like them widely distributed, which kinda clashes with NFS.

Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem
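
The ordering described in the message above (a mode 710 jail directory, then setgid, chroot, setuid), as an added C example that is not part of the original post. The helper names `jail_dir_ok` and `enter_jail`, the path `/nfs/jail.example` and the uid/gid 53 are constructed placeholders.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check on the jail root: a directory, group `gid`, permission bits 0710
 * (the group may search it; "other", where squashed root lands, may not). */
int jail_dir_ok(const struct stat *st, gid_t gid)
{
    return S_ISDIR(st->st_mode) && st->st_gid == gid &&
           (st->st_mode & 0777) == 0710;
}

/* Start as root. Returns 0, or the negative number of the step that failed. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    struct stat st;

    if (uid == 0 || gid == 0) return -1;   /* id 0 is exactly what gets squashed */
    if (stat(dir, &st) != 0) return -2;
    if (!jail_dir_ok(&st, gid)) return -3;
    /* setgid first: the group bit of mode 0710 now grants search access on
     * the NFS server even though uid 0 is squashed there. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0) return -4;
    /* chroot second: the local kernel still sees uid 0, so it is allowed. */
    if (chroot(dir) != 0 || chdir("/") != 0) return -5;
    /* setuid last: give up root only once the jail is entered. */
    if (setuid(uid) != 0) return -6;
    if (setuid(0) == 0) return -7;         /* root must not be recoverable */
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed defaults; pass the real jail directory as argv[1]. */
    const char *dir = argc > 1 ? argv[1] : "/nfs/jail.example";
    int rc = enter_jail(dir, 53, 53);

    if (rc != 0) {
        fprintf(stderr, "enter_jail: step %d failed\n", -rc);
        return 1;
    }
    puts("running jailed and unprivileged");
    return 0;
}
```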
