[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9-chroot (was: questions on ITP)

also sprach Bryan Andersen (on Sat, 22 Sep 2001 05:42:23PM -0500):
> For even better security, just make the standard install chrooted
> if it is of wise security reasons to.  I've long questioned why 
> this hasn't been done for many daemons already.  I know some people
> may feel that because it breaks something or another one shouldn't
> do this, but I know bind doesn't break anything by being chrooted.
> What about others?

my postfix runs in a total chroot (even more than standard debian). so
does my proftpd. problem with the latter is, of course, that no users
can use ftp to access their homedirectories, which i don't consider a
problem. i could enable it with 
'mount --bind /home /chroot/proftpd/home'
but i don't mind imposing sftp on everyone for security reasons

other than that, i have long wanted to set up an apache chroot. i
don't know of other daemons (read: i don't use other daemons), which
would profit from a chroot...

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
laugh alone and the world thinks you're an idiot.

Attachment: pgpcPb1LEI1Py.pgp
Description: PGP signature

Reply to: