[TriLUG] chroot standards?
Greg Cox
glcox at pobox.com
Wed Sep 4 01:01:08 EDT 2002
> With that kind of question, you're -begging- for the pedants.
Saw right through that one, didn't ye? :-)
> > /opt and /usr/local didn't seem right.
> You might rethink /opt. Personally, I -hate- /opt, but it's a great
> dumping ground. Think of /opt as a second /, allowing you to create
> your own directory structure off from there.
I should've elaborated: I was, in the interest of pedantry, running
on the idea that /opt and /usr/local are sometimes suggested as
mounted ro, and thus were out for stuff like dynamic DNS updates;
MTAs; tftp uploads.
> Also, you might want to rethink your 'ew' response to /home/user.
> This has commonly been the way to chroot things, as you usually
> dedicate a user to said chroot environment. Similar to /opt,
> it lets you compartmentalize the directories.
True. I 'ew'd there out of personal preference. While you know it'll
be mounted rw, it's also usually on a different backup schedule than
your system kind of stuff, which made it seem like the wrong place.
It's not palatable-to-me, but it's feasible.
> I dislike adding new directories directly into /var.
So did I. Hence the question, and hence my only adding 1 directory,
for roots to hang under. But, /var seemed like the only place that
fit.
> It's only a free for all because none of the distributions have
> adopted a blanket chroot policy.
Right. I was hoping that, since we've got some readers who work for
the bRightlycoloredHeadcovering, maybe they could put bugs in ears
with LSB/FSSTD/FHS/whoever pholx, or think about same, or what have you.
> Is your chroot actually secure? Are you sure?
Reasonably, for the time I spent on it. And stop calling me "Shir."