chroot'ed environments (Re: Secure (regular) Scripts_)

David C Lawrence tale at cs.rpi.edu
Thu Dec 28 17:01:37 AEST 1989


In article <2481 at pkmab.se> ske at pkmab.se (Kristoffer Eriksson) writes:
> Is there any way to allow a "chroot-ed" user to exchange mail and news
> with the rest of the system? I've tried to come up with a simple solution,
> but failed. The problem is that the spool directories for mail and news
> are not accessible from inside the "chroot-ed" environment.

As Larry Wall mentioned, NNTP quite handily solves the news problem.
SMTP or POP could handle mail.  Another method, though, without
installing new software and still allowing direct use of the local
spooling, would be to put the spool area within that chroot'ed
environment and possibly make other links (symlink capability helps a
lot here since you will probably end up crossing fs boundaries) around
the system to cope with the real location of the spool.  For example,
in a Berkeley environment you could put /chroot on a big partition with
/chroot/spool as one of the subdirectories.  Make a link from
/var/spool/mail to /chroot/spool/mail and you're in business.

Things like this can come in handy for ftp.  With one system on which
I worked I wanted to make our rasters available for other people via
ftp and didn't quite have the diskspace (or desire) to have ten meg of
rasters duplicated in another part of the fs.  So I put them all in
~ftp (chroot'ed by in.ftpd) under pub/backgrounds/ and made a symlink
to that directory from /usr/lib/backgrounds.  Users on the system
typically accessed them through the latter path and I used it as the
standard path when compiling various programmes like x{bg,view}sun.

Dave
-- 
   (setq mail '("tale at cs.rpi.edu" "tale at ai.mit.edu" "tale at rpitsmts.bitnet"))
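
The layout described in the message, as an added example that is not part of the original post: it is rebuilt under a scratch directory with constructed paths, and `build_layout` and `broken_in_jail` are hypothetical helper names. It also checks the reverse direction, where a symlink inside the jail with an absolute target stops resolving once `/` means the jail root.

```shell
#!/bin/sh
# Scratch-directory model of the spool layout (constructed paths, no root needed).

# The real spool lives inside the jail; the system-wide path is a symlink pointing in.
build_layout() {
    root=$1
    mkdir -p "$root/chroot/spool/mail" "$root/var/spool"
    ln -s "$root/chroot/spool/mail" "$root/var/spool/mail"
}

# List symlinks under JAIL whose absolute target will not exist once "/" is JAIL.
# Relative targets are not examined here.
broken_in_jail() {
    jail=$1
    find "$jail" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) [ -e "$jail$target" ] || printf '%s -> %s\n' "${link#"$jail"}" "$target" ;;
        esac
    done
}

demo() {
    root=$(mktemp -d)
    build_layout "$root"
    # Delivery through the traditional path lands inside the jail.
    echo "constructed message" > "$root/var/spool/mail/tale"
    cat "$root/chroot/spool/mail/tale"
    # Reverse direction: a link inside the jail aimed at a spool outside it.
    mkdir -p "$root/var/spool/news"
    ln -s "$root/var/spool/news" "$root/chroot/spool/news"
    broken_in_jail "$root/chroot"
    rm -rf "$root"
}

demo
```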


