Subject: Re: mknod in a chroot jail
To: None <tech-security@netbsd.org>
From: Alan Post <apost@recalcitrant.org>
List: tech-security
Date: 07/17/2005 14:28:23
In article <20050717095042.GA15164@orion.intra.net>, Edgar Fuß wrote:
> 
> It was suggested not to run any root processes chroot-ed.
> What, then, is the preferred way of running named (or, more generally,
> providing name service) or ntpd?

ntpd can run chrooted as ntpd:ntpd

  ntpd    1776    ??          /usr/sbin/ntpd -u ntpd:ntpd -i /var/chroot/ntpd 

From rc.conf on a 1.6.X machine:

  ntpd=YES ntpd_chrootdir=/var/chroot/ntpd
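
An added example, not part of the original message: a small audit over `ps` lines in the format shown above that reports chrooted daemons still running as root, the case the thread advises against. The function names are hypothetical, `-t` as named's chroot flag is BIND's option and an assumption here (only ntpd's `-u`/`-i` appear in the message), and the second and third sample lines are constructed.

```shell
#!/bin/sh
# Flag chrooted daemons that still run as root.
# Input: lines of "user pid tty command..." as in the ps excerpt above.
# Chroot flags are per daemon: ntpd uses -i (as in the message);
# named's -t is BIND's chroot option (assumption, not from the message).
audit_chrooted() {
    awk '
    BEGIN { flag["ntpd"] = "-i"; flag["named"] = "-t" }
    {
        user = $1; pid = $2
        # Program name is the last path component of the command.
        n = split($4, parts, "/"); prog = parts[n]
        if (!(prog in flag)) next
        # Find the chroot flag and take the argument that follows it.
        dir = ""
        for (i = 5; i < NF; i++)
            if ($i == flag[prog]) { dir = $(i + 1); break }
        if (dir == "")
            print "NOCHROOT " prog " pid=" pid " user=" user
        else if (user == "root")
            print "ROOT-IN-CHROOT " prog " pid=" pid " dir=" dir
        else
            print "OK " prog " pid=" pid " user=" user " dir=" dir
    }'
}

# Sample input: the first line is the one quoted in the message,
# the other two are constructed for illustration.
sample_ps() {
    cat <<'EOF'
ntpd    1776    ??          /usr/sbin/ntpd -u ntpd:ntpd -i /var/chroot/ntpd
root    1802    ??          /usr/sbin/named -t /var/chroot/named
named   1803    ??          /usr/sbin/named -u named
EOF
}

sample_ps | audit_chrooted
```

The user column only reflects the uid the process currently runs under, so a daemon that has not yet dropped privileges at the moment `ps` is taken will still be reported as root.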