[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] rsync files
From: |
Bas Jansen |
Subject: |
Re: [Jailkit-users] rsync files |
Date: |
Thu, 05 Jan 2006 09:13:32 +0100 |
No it's quite different (if you meant the first version), on the server
sides you now have a read only mount (bind in the 1 i spread out, might
switch to loopback to save on disk space) that only contains the setuid
rooted rsync, the libraries and the etc user file (for just that jail
user). Then there is a no-dev, no-suid, no-exec writeable mount mounted
under that other mount as /data where the stuff is actually written.
This means that you can't read device files from the backup, can't
modify any files that are used in the jail itself since they are
read-only.
Hope that explains a bit? ... i should draw a simple model of it some
time to make it easily visible i guess :P
Greetings,
Bas
On Wed, 2006-01-04 at 23:18 +0100, Olivier Sessink wrote:
> Bas Jansen wrote:
>
> > THIS way i am more convinced that it's (near?) unbreakable....
>
> what exactly is more unbreakable than your previous setup? it's the same
> idea on the server, right?
>
> Olivier
>
>
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users
Re: [Jailkit-users] chrootsh login problem, Olivier Sessink, 2006/01/04