[TriLUG] chroot standards?
Wed, 4 Sep 2002 01:01:08 -0400 (EDT)
> With that kind of question, you're -begging- for the pedants.
Saw right through that one, didn't ye? :-)
> > /opt and /usr/local didn't seem right.
> You might rethink /opt. Personally, I -hate- /opt, but it's a great
> dumping ground. Think of /opt as a second /, allowing you to create
> your own directory structure off from there.
I should've elaborated: I was, in the interest of pedantry, running
on the idea that /opt and /usr/local are sometimes suggested as
mounted ro, and thus were out for stuff like dynamic DNS updates;
MTAs; tftp uploads.
> Also, you might want to rethink your 'ew' response to /home/user.
> This has commonly been the way to chroot things, as you usually
> dedicate a user to said chroot environment. Similar to /opt,
> it lets you compartmentalize the directories.
True. I 'ew'd there out of personal preference. While you know it'll
be mounted rw, it's also usually on a different backup schedule than
your system kind of stuff, which made it seem like the wrong place.
It's not palatable-to-me, but it's feasible.
> I dislike adding new directories directly into /var.
So did I. Hence the question, and hence my only adding 1 directory,
for roots to hang under. But, /var seemed like the only place that
> Its only a free for all because none of the distributions have
> adopted a blanket chroot policy.
Right. I was hoping that, since we've got some readers who work for
the bRightlycoloredHeadcovering, maybe they could put bugs in ears
with LSB/FSSTD/FHS/whoever pholx, or think about same, or what have you.
> Is your chroot actually secure? Are you sure?
Reasonably, for the time I spent on it. And stop calling me "Shir."