Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 Feb 2002 20:17:56 -0800 (PST)
From:      Julian Elischer <julian@elischer.org>
To:        Walter Hop <walter@binity.com>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: chroot+su idea
Message-ID:  <Pine.BSF.4.21.0202152017270.39539-100000@InterJet.elischer.org>
In-Reply-To: <18416867424.20020215140249@binity.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
check out 'jail'

start the daemon within the startup script of the jail.



On Fri, 15 Feb 2002, Walter Hop wrote:

> Hi all,
> 
> just like many people, I want to run my "dangerous" daemons as a
> non-root user in a chroot environment. Now, I would usually use the
> ``su'', or ``chroot'' tools from the FreeBSD toolset in the creation
> of an rc.d script, but the question that puzzles me is how to combine
> these two measures?
> 
> 1) su first, then chroot: impossible, as chroot needs to be run by
>    root, so whenever I su to the user I cannot chroot anymore.
> 
> 2) chroot first, then su: undesired, as I would have to move a suid
>    root copy of the "su" tool into the chroot; also unpractical as I'd
>    have to duplicate a lot of files into the chroot to satisfy su.
> 
> Is there a tool available that combines chroot and su? If not, a
> chroot capability would be an interesting feature to add to the
> FreeBSD ``su'' command in my opinion, e.g.
> 
> % su -l ircd -r /usr/local/ircd -c 'bin/ircd'
> 
> Any ideas or suggestions would be welcomed. If I have overlooked a
> current solution for the chroot+su chicken/egg problem, I'd love to
> submit a patch for su to add such a chroot parameter, but I could
> imagine that the committer team is more conservative than I am. :)
> 
> Thanks!
> walter
> 
> -- 
>  Walter Hop <walter@binity.com> | +31 6 24290808 | PGP keyid 0x84813998
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0202152017270.39539-100000>