[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] rsync files

From: Olivier Sessink
Subject: Re: [Jailkit-users] rsync files
Date: Thu, 05 Jan 2006 10:37:06 +0100
User-agent: Debian Thunderbird 1.0.7 (X11/20051017)

Bas Jansen wrote:
> No it's quite different (if you meant the first version), on the server
> sides you now have a read only mount (bind in the 1 i spread out, might
> switch to loopback to save on disk space) that only contains the setuid
> rooted rsync, the libraries and the etc user file (for just that jail
> user). Then there is a no-dev, no-suid, no-exec writeable mount mounted
> under that other mount as /data where the stuff is actually written.
> This means that you can't read device files from the backup, can't
> modify any files that  are used in the jail itself since they are
> read-only.
> Hope that explains a bit? ... i should draw a simple model of it some
> time to make it easily visible i guess :P

or we could describe this setup as a jailkit howto..?

"Howto jail setuid processes" or "Howto safely jail a setuid root rsync"


reply via email to

[Prev in Thread] Current Thread [Next in Thread]