Re: chroot & mount --bind = security ?
From: link (link_at_twistedslinky.org)
Date: Tue, 6 Apr 2004 14:28:01 -0400 To: firstname.lastname@example.org
> I would like to do like this :
> - A folder /var/www witch contains my html documents
> - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
> - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
> And now ... questions :
> - does it working ?
> - is there a security problem with it ?
> - is there another method (more secure/simple) to do this ?
> Thanks for your read, have a nice day.
> Julien Nury
This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
won't work. I don't see any security issues (other than the regular fs
perms). One note, mouting --bind,ro doesn't seem to actually mount
read-only. If anyone has any ideas why, I've always been curious.
-- I have often wondered if the majority of mankind ever pause to reflect upon the occasionally titanic significance of dreams, and of the obscure world to which they belong. -- H.P. Lovecraft