On Tue, 2005-03-15 at 23:19 +0200, Timo Sirainen wrote:
On Sun, 2005-03-13 at 23:41 -0800, BSD Mail wrote:
root dovecot 481 5 tcp4 10.0.1.4:993 *:*
root dovecot 481 6 tcp4 10.0.1.4:995 *:*
Fine for the first six lines it's doing what it's doing. But the last two lines are running as root. That is why I want to chroot the server. I would like if anyone can point me to some howto or notes on how to do so. If there is none I will have to configure a jail just for this purpose.
The chrooting options in the config file are meant for chrooting login, auth, imap and pop3 processes. By default it's chrooting login processes. Having the master process itself chrooted isn't supported.
Does FreeBSD prevent the root user from escaping chroot? Last I heard Linux didn't even try.
FreeBSD "jails", I gather, are more effective than chroot().
Similar in concept to Solaris 10's new "Zones".
chroot() is better than nothing, in some cases though. A measure doesn't have to be 100% effective, to be worth bothering with.