On Mon, 2004-12-20 at 19:30 -0700, Brett Glass wrote: > At 03:19 PM 12/20/2004, Nigel Houghton wrote: > > >Take a look at the Jail project, you'll find it here... > > > > http://www.jmcresearch.com/projects/jail/ > > > >..and in ports/sysutils/ along with some other jail tools, it may > >provide some of the features you are looking for. > > Looks useful. (Shame it's GPLed.) In any case, it seems to me that > creation of a jail the way this tool does it (and the way most people > have to do it in general) requires a lot of redundant copies of files. > Wouldn't it be neat if there were a type of link (not quite soft, not > quite hard; call it "firm") that would let you link to the current > master copies of executables (rather than copying them) but not > let the inmates out of their jails? Hard links have the disadvantage > that they're broken when you upgrade an executable; soft links can't > be used because, well, you're in a jail. The type of link I have in > mind would be symbolic but resolved by the system behind the scenes; > from inside the jail it wouldn't look like a link. > > --Brett > FreeBSD has its own jail (8) system which might be useful but yes it requires redundant files. You could also look at using a restricted shell (pdksh has he option but I'm not sure about csh) as well. I'm looking at doing anonymous cvs over ssh where i formerly used a jail. I haven't tried it yet but a restricted shell looks like it may provide me with what I need. Last time I did an sftp jail I believe I used chrsh which can be found here: http://www.aarongifford.com/computers/chrsh.html Tom -- BSD# Project - Porting Mono to FreeBSD http://forge.novell.com/modules/xfmod/project/?bsd-sharp _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"