Re: chroot & mount --bind = security ?

From: link (link_at_twistedslinky.org)
Date: 04/06/04

  • Next message: Thomas Knop: "Re: chroot & mount --bind = security ?"
    Date: Tue, 6 Apr 2004 14:28:01 -0400
    To: focus-linux@securityfocus.com
    
    

    > I would like to do like this :
    >
    > - A folder /var/www witch contains my html documents
    > - mount --bind /var/www /chroot/httpd/var/www to allow the web server to access them
    > - mount --bind /var/www /chroot/ftpd/var/www to allow the ftp server to update them
    >
    > And now ... questions :
    >
    > - does it working ?
    > - is there a security problem with it ?
    > - is there another method (more secure/simple) to do this ?
    >
    > Thanks for your read, have a nice day.
    >
    > Julien Nury

    This is how I do it for my chroot'd ftp server, since 'ln -s' obviously
    won't work. I don't see any security issues (other than the regular fs
    perms). One note, mouting --bind,ro doesn't seem to actually mount
    read-only. If anyone has any ideas why, I've always been curious.

    Ryan

    -- 
    I have often wondered if the majority of mankind ever pause to reflect
    upon the occasionally titanic significance of dreams, and of the obscure
    world to which they belong.  -- H.P. Lovecraft
    

  • Next message: Thomas Knop: "Re: chroot & mount --bind = security ?"