Multi-User Security
Gregory Sutter
gsutter at zer0.org
Tue May 18 01:35:30 PDT 2004
On 2004-05-18 14:41 +1000, Norberto Meijome <freebsd at meijome.net> wrote:
> Richard Coleman wrote:
>
> >Using a chroot or a jail is the way to go if possible. If you can't use
> >that, then unix permissions or ACL's is the next bet. Restricting
> >commands is the most fragile solution since in many cases it can be
> >subverted.
>
> Excuse my ignorance, could you quickly tell me the difference (or point
> me to a good reference article/book) between chroot + jail?
> is it that a jail is always chrooted but not the other way around?
> is a jail more encompassing than chroot only?
If you had typed "freebsd jail" into Google, this paper would have
been the first of several hundred useful links. The answer to your
question is in its introduction.
http://docs.freebsd.org/44doc/papers/jail/jail.html
Greg
--
Gregory S. Sutter Was Jimi's modem a Purple Hayes?
mailto:gsutter at zer0.org
http://zer0.org/~gsutter/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20040518/277cec65/attachment.bin
More information about the freebsd-security
mailing list