best practice for locking down private jail?
Steve O'Hara-Smith
steve at sohara.org
Thu Dec 10 15:02:53 UTC 2015
On Thu, 10 Dec 2015 15:40:08 +0100
Michael Firnau <mfi at tf.uni-kiel.de> wrote:
> On Thu, Dec 03, 2015 at 06:45:16PM -0800, Aleksandr Miroslav wrote:
> > On Wed, Dec 2, 2015 at 11:39 PM, Steve O'Hara-Smith <steve at sohara.org>
> > wrote:
> > > I would set up two jails - one as the upload jail the other the web
> > > server and use a cron job on the host to move verified mp3 files
> >
> > Excellent advice, I will do just that.
>
> I think the cron job isn't needed. Create a directory outside the jails
> and mount it as nullfs and 'rw' into the upload jail and 'ro' into the
> web server jail. We do this on a zfs basis.
That works of course, but loses the opportunity to verify the files
before putting them online.
--
Steve O'Hara-Smith <steve at sohara.org>
More information about the freebsd-questions
mailing list