Thread: Re: (chroot tools)
Brought to you by:
xystrus
From: Derek M. <co...@pi...> - 2015-11-19 18:03:27
|
On Thu, Nov 19, 2015 at 07:32:29AM -0500, Nico Kadel-Garcia wrote: > I hope you didn't mind my posting the link! No, of course not, not at all. > Please reconsider this policy. I've considered it several times already, and arrive at the same conclusion each time. That's unlikely to change. > I admit I don't currently maintain any real UNIX systems. (Not that > I haven't, my first UNIX was BSD 4.2!) The tools likely to be > created when "doing it by hand anyway" are likely to be unwieldy and > undocumented. and to fail flat-out fail for reasons that new > engineers may be unaware of. But your tools don't really help them, unless they're on one of a very specific set of platforms. That's the point: there's no universal way to do this right. Also, if you're going to be administering a setup like this, you should really UNDERSTAND what you're doing so you don't botch it. > I'm happy to maintain these for now: it just seems logical to bundle > them with rssh, for discoverability by new administrators, for > availability with Fedora and Debian, where the software is avaialble > bundled up. Those distros can provide whatever tools they want, specific to their own configurations. You should lobby them, not me. ;) IIRC I do provide a sample script that illustrates the gist of how to do it... it's left as an exercise to the admin to figure out the details on the relevant platform. And like I said, I don't maintain a contribs directory because I have no way to test those tools, and frankly wouldn't want to do it even if I could, and don't want people bugging me about it. That's why this list exists... if people are having trouble, they can ask other experienced users for help. The list is archived and searchable, so new people can benefit from old answers. And that, as far as I'm concerned, is the right way to solve the problem. Security is hard; if you don't understand what you're doing, you WILL get it wrong... every time. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D |