
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>Chroot-BIND8 HOWTO: jail の用意</TITLE>
 <LINK HREF="Chroot-BIND8-HOWTO-3.html" REL=next>
 <LINK HREF="Chroot-BIND8-HOWTO-1.html" REL=previous>
 <LINK HREF="Chroot-BIND8-HOWTO.html#toc2" REL=contents>
</HEAD>
<BODY>
<A HREF="Chroot-BIND8-HOWTO-3.html">次のページ</A>
<A HREF="Chroot-BIND8-HOWTO-1.html">前のページ</A>
<A HREF="Chroot-BIND8-HOWTO.html#toc2">目次へ</A>
<HR>
<H2><A NAME="s2">2. jail の用意</A></H2>

<H2><A NAME="ss2.1">2.1 ユーザの作成</A>
</H2>

<P>「はじめに」で述べたように、
BIND を root 権限で実行するのはあまり良い考えではありません。
従って、まず最初に BIND 専用のユーザを作りましょう。
この目的に、<CODE>nobody</CODE> のような既存の一般向けユーザは、
決して使うべきではありません。
しかし、SuSE や Linux Mandrake など、
最初からこのためのユーザ (普通 <CODE>named</CODE> という名前)
を用意しているディストリビューションもあるので、
その場合はお望みならこのユーザを用いても構いません。
<P>さて、ユーザを追加するには、次のような行を
<CODE>/etc/passwd</CODE> に加えます。
<BLOCKQUOTE><CODE>
<PRE>
named:x:200:200:Nameserver:/chroot/named:/bin/false
</PRE>
</CODE></BLOCKQUOTE>

そして次の行を <CODE>/etc/group</CODE> に加えます。
<BLOCKQUOTE><CODE>
<PRE>
named:x:200:
</PRE>
</CODE></BLOCKQUOTE>

これで BIND 用の <CODE>named</CODE> というユーザとグループができました。
UID と GID (この例では両方とも 200) が、
お使いのシステムで他と重なっていないように注意しましょう。
このユーザはログインする必要がないので、
シェルは <CODE>/bin/false</CODE> にしてあります。
<P>
<H2><A NAME="ss2.2">2.2 ディレクトリ構造</A>
</H2>

<P>次に、chroot jail に使用するディレクトリ構造を作ってあげる必要があります。
ここが BIND の生活の場となるわけです。
これはファイルシステムのどこでも構いません。
非常に神経質な人は、独立したボリューム
(パーティション) に置きたいとさえ思うかもしれませんね。
ここでは <CODE>/chroot/named</CODE> を使います。
まず以下のようなディレクトリ構造を作ってください。
<P>
<BLOCKQUOTE><CODE>
<PRE>
/chroot
  +-- named
       +-- bin
       +-- dev
       +-- etc
       |    +-- namedb
       +-- lib
       +-- var
            +-- run
</PRE>
</CODE></BLOCKQUOTE>
<P>【訳注: Debian ユーザでバイナリの再コンパイルを行いたくない人 (後述) は、
<CODE>/chroot/named/etc/namedb</CODE> を
<CODE>/chroot/named/etc/bind</CODE> としましょう】
<P>
<H2><A NAME="ss2.3">2.3 BIND のデータを配置する</A>
</H2>

<P>既に通常のかたちで BIND がインストールできていて、
これを利用しているなら、
<CODE>named.conf</CODE> ファイルとゾーンファイルがあるはずです。
これらのファイルは chroot jail の中に移動 (あるいは安全にやるならコピー)
して、BIND から見えるようにしてやる必要があります。
<CODE>named.conf</CODE> は <CODE>/chroot/named/etc</CODE> へ、
ゾーンファイルは <CODE>/chroot/named/etc/namedb</CODE> へ移動します。
例えば:
<BLOCKQUOTE><CODE>
<PRE>
# cp -p /etc/named.conf /chroot/named/etc/

# cp -a /var/named/* /chroot/named/etc/namedb/
</PRE>
</CODE></BLOCKQUOTE>

【訳注: Debian の場合は named.conf の場所は <CODE>/chroot/named/etc/bind</CODE>
になります。
ゾーンファイルの置き場所は
<CODE>named.conf</CODE> 中の記述に依存するのですが、
通常は <CODE>named.conf</CODE> と同じディレクトリになっています。】
<P>BIND はおそらく <CODE>namedb</CODE> ディレクトリと、
そこに置かれたファイル (の一部) に対する書きこみ権限を必要とします。
例えば、お使いの DNS があるゾーンをスレーブでサービスするなら、
BIND はそのゾーンファイルを更新できなければなりません。
また BIND は統計情報をダンプできますので、
それもこのディレクトリに書けるようにしてやる必要があります。
これらの理由から、このディレクトリ (とその中身) の
所有者は <CODE>named</CODE> ユーザにしておくべきでしょう。
<BLOCKQUOTE><CODE>
<PRE>
# chown -R named:named /chroot/named/etc/namedb
</PRE>
</CODE></BLOCKQUOTE>

【訳注:
<A NAME="trans_named.conf"></A> 
具体的には、<CODE>named.conf</CODE> の
&quot;options&quot; 宣言中の directory 文が、
これらの書きこみが行われるディレクトリになります。
これはゾーンファイルのパス指定のベースディレクトリでもあります。
<P>Debian の流儀ですと、
この directory は <CODE>/var/cache/named</CODE> になっており、
各ゾーンファイルはフルパスで指定するかたちになっています。
この場合は
<BLOCKQUOTE><CODE>
<PRE>
# mkdir -p /chroot/named/var/cache/namedb
# chown -R named:named /chroot/named/var/cache/namedb
</PRE>
</CODE></BLOCKQUOTE>

などとすることになるでしょう。】
<P>BIND は <CODE>/var/run</CODE> ディレクトリにも書きこみ権限を必要とします。
pid ファイルと ndc ソケットをここに作るからです。
次のコマンドでこれを可能にしてやりましょう。
<BLOCKQUOTE><CODE>
<PRE>
# chown named:named /chroot/named/var/run
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H2><A NAME="ss2.4">2.4 システムのサポートファイル</A>
</H2>

<P>BIND が chroot jail 内部での実行を始めると、
jail 外部のファイルへは<B>一切</B>アクセスできなくなります。
しかし、システムの C ライブラリなど、
いくつかの重要なファイルには実行後もアクセスできなければなりません。
実際にどのライブラリが必要になるかは、お使いの UNIX OS に依存します。
最新の Linux システムなら、
以下のコマンドを利用すれば必要なファイルを
適切な場所にちゃんと配置してくれるはずです。
<BLOCKQUOTE><CODE>
<PRE>
# cd /chroot/named/lib
# cp -p /lib/libc-2.*.so .
# ln -s libc-2.*.so libc.so.6
# cp -p /lib/ld-2.*.so .
# ln -s ld-2.*.so ld-linux.so.2
</PRE>
</CODE></BLOCKQUOTE>

こうする代わりに、BIND のバイナリを静的にリンクしてビルドし、
これを chroot jail 以下に置いて利用することも可能です。
<CODE>ldconfig</CODE> も jail の内部にコピーして実行し、
jail 環境用の <CODE>etc/ld.so.cache</CODE> を作りましょう。
次のコマンドがこれを行います:
<BLOCKQUOTE><CODE>
<PRE>
# cp /sbin/ldconfig /chroot/named/bin/
# chroot /chroot/named /bin/ldconfig -v
</PRE>
</CODE></BLOCKQUOTE>
<P>BIND はもう一つファイルを jail の内部に必要とします。
いつもの <CODE>/dev/null</CODE> です。
ここでも、このデバイスノードを作るために必要なコマンドは
システムによって異なるでしょう。
<CODE>/dev/MAKEDEV</CODE> スクリプトを調べて確認してください。
システムによっては <CODE>/dev/zero</CODE> が必要なこともあります。
ほとんどの Linux システムでは、以下のコマンドが使えます。
<BLOCKQUOTE><CODE>
<PRE>
# mknod /chroot/named/dev/null c 1 3
</PRE>
</CODE></BLOCKQUOTE>
<P>【訳注
<BLOCKQUOTE><CODE>
<PRE>
# chmod go+w /chroot/named/dev/null
</PRE>
</CODE></BLOCKQUOTE>

も必要だと思います。】
<P>最後に、さらにファイルを 2〜3、jail 内部の <CODE>/etc</CODE> ディレクトリに
持ってくる必要があります。
特に <CODE>/etc/localtime</CODE> (システムによっては
<CODE>/usr/lib/zoneinfo/localtime</CODE> かもしれません) が、
BIND に正しい時刻でログ記録をさせるには必要です。
また <CODE>named</CODE> グループの含まれる簡単な <CODE>group</CODE>
ファイルも作成する必要があります。
以下のコマンドがこれらの面倒を見てくれます。
<BLOCKQUOTE><CODE>
<PRE>
# cp /etc/localtime /chroot/named/etc/

# echo 'named:x:200:' > /chroot/named/etc/group
</PRE>
</CODE></BLOCKQUOTE>
<P>GID (この例では 200) にご注目。
先に本当の <CODE>/etc/group</CODE> で定義したものと同じにしなければなりません。
<P>
<H2><A NAME="logging"></A> <A NAME="ss2.5">2.5 ログ記録</A>
</H2>

<P>本物の囚人とは異なり、BIND はログ記録を壁に書くことはできません :-)。
通常 BIND はログを、システムのロギングデーモンである
<CODE>syslogd</CODE> 経由で記録します。
このタイプのログ記録は、特殊なソケットである <CODE>/dev/log</CODE>
を通してログエントリを送信することで行われます。
しかしこれは jail の外部にありますから、BIND からは使えません。
でもありがたいことに、これを解決する方法はいくつか存在します。
<P>
<H3>理想的な解</H3>

<P>このジレンマに対する理想的な解決法には、
OpenBSD で導入された <CODE>-a</CODE> スイッチをサポートする、
比較的新しいバージョンの <CODE>syslogd</CODE> が必要です。
<CODE>syslogd(8)</CODE> の man ページをチェックして、
自分の使っているのがこれかどうか見てください。
<P>サポートしていれば、<CODE>syslogd</CODE>
を起動する際のコマンドラインに ``<CODE>-a /chroot/named/dev/log</CODE>''
を追加するだけで OK です。
SysV-init をすべて使っているシステム
(Linux ディストリビューションのほとんどはそう) なら、
起動は通常 <CODE>/etc/rc.d/init.d/syslog</CODE> ファイルでなされます。
例えば、私の Red Hat Linux システムでは、私は
<BLOCKQUOTE><CODE>
<PRE>
daemon syslogd -m 0
</PRE>
</CODE></BLOCKQUOTE>

の行を
<BLOCKQUOTE><CODE>
<PRE>
daemon syslogd -m 0 -a /chroot/named/dev/log
</PRE>
</CODE></BLOCKQUOTE>

と変更しました。
<P>Caldera OpenLinux システムでは
<CODE>ssd</CODE> というデーモンランチャを使っており、
これは設定を <CODE>/etc/sysconfig/daemons/syslog</CODE> から読みます。
この中のオプション行を以下のように修正するだけです。
<BLOCKQUOTE><CODE>
<PRE>
OPTIONS_SYSLOGD="-m 0 -a /chroot/named/dev/log"
</PRE>
</CODE></BLOCKQUOTE>
<P>同様に SuSE システムでは、
このスイッチは <CODE>/etc/rc.config</CODE> ファイルに追加するのが良いそうです。
<BLOCKQUOTE><CODE>
<PRE>
SYSLOGD_PARAMS=""
</PRE>
</CODE></BLOCKQUOTE>

という行を
<BLOCKQUOTE><CODE>
<PRE>
SYSLOGD_PARAMS="-a /chroot/named/dev/log"
</PRE>
</CODE></BLOCKQUOTE>

とすれば OK です。
<P>【訳注: Debian なら <CODE>/etc/init.d/syslogd</CODE> の
<BLOCKQUOTE><CODE>
<PRE>
SYSLOGD=""
</PRE>
</CODE></BLOCKQUOTE>

という行を
<BLOCKQUOTE><CODE>
<PRE>
SYSLOGD="-a /chroot/named/dev/log"
</PRE>
</CODE></BLOCKQUOTE>

とします。】
<P>お使いのシステムでの変更方法がわかったら、
<CODE>syslogd</CODE> を再起動するだけです。kill して再び
(追加パラメータとともに) 起動してもいいですし、
SysV-init スクリプトを使って次のようにするのでも良いでしょう。
<BLOCKQUOTE><CODE>
<PRE>
# /etc/rc.d/init.d/syslog stop
# /etc/rc.d/init.d/syslog start
</PRE>
</CODE></BLOCKQUOTE>
<P>再起動できたら、<CODE>/chroot/named/dev</CODE> に
以下のような <CODE>log</CODE> という「ファイル」ができているはずです。
<P>
<PRE>
srw-rw-rw-   1 root     root            0 Mar 13 20:58 log
</PRE>
<P>
<H3>別の解</H3>

<P>古い <CODE>syslogd</CODE> を使っている場合は、
ログを取るには別の方法を見つけなければなりません。
例えば <CODE>holelogd</CODE> のような、
「プロキシ」として動作するよう設計されているプログラムも存在します。
これは chroot された BIND からログエントリを受け取り、
それを通常の <CODE>/dev/log</CODE> ソケットに渡します。
<P>あるいは、BIND を設定して、ログを syslog に送るのではなく
ファイルに書きこむようにもできます。
この方法を選ぶなら、BIND の文書にあたって詳細を調べてください。
<P>
<HR>
<A HREF="Chroot-BIND8-HOWTO-3.html">次のページ</A>
<A HREF="Chroot-BIND8-HOWTO-1.html">前のページ</A>
<A HREF="Chroot-BIND8-HOWTO.html#toc2">目次へ</A>
</BODY>
</HTML>