also sprach Bryan Andersen (on Sat, 22 Sep 2001 05:42:23PM -0500): > For even better security, just make the standard install chrooted > if it is of wise security reasons to. I've long questioned why > this hasn't been done for many daemons already. I know some people > may feel that because it breaks something or another one shouldn't > do this, but I know bind doesn't break anything by being chrooted. > What about others? my postfix runs in a total chroot (even more than standard debian). so does my proftpd. problem with the latter is, of course, that no users can use ftp to access their homedirectories, which i don't consider a problem. i could enable it with 'mount --bind /home /chroot/proftpd/home' but i don't mind imposing sftp on everyone for security reasons anyway! other than that, i have long wanted to set up an apache chroot. i don't know of other daemons (read: i don't use other daemons), which would profit from a chroot... martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck -- laugh alone and the world thinks you're an idiot.
Attachment:
pgpyjpt7qnAMb.pgp
Description: PGP signature