Re: security.bsd.see_other_uids/gids and jails

Reply: Andrea Venturoli : "Re: security.bsd.see_other_uids/gids and jails"
In reply to: Andrea Venturoli : "security.bsd.see_other_uids/gids and jails"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: doug <doug_at_safeport.com>
Date: Thu, 22 Aug 2024 19:07:05 UTC

On Thu, 22 Aug 2024, Andrea Venturoli wrote:

> Hello.
>
> Is there any way to set security.bsd.see_other_uids and 
> security.bsd.see_other_gids per jail?
>
> I'd like to keep them to 0 for better security, but I've got a couple of 
> software that requires one or the other.
> Since those software are in their own jail, is it possible to disable them 
> globally, but allow them only in those jail?
>
> Guess the answer is no :(, but I thought I'd ask...
>
> bye & Thanks
> 	av.
>
>
The rules of the road here are: make an effort to answer the question, 
which I doing anyway:

echo 'security.bsd.see_other_uids=0' >> /etc/sysctl.conf
echo 'security.bsd.see_other_gids=0' >> /etc/sysctl.conf

This assume you installed FreeBSD. During installation you are asked if you 
want to do this.