From: "Kelly D. Grills"
To: freebsd-questions@freebsd.org
Date: Tue, 6 Mar 2007 20:35:01 -0600
Subject: Re: DHCP Server V3.0.5 No BPF under chroot. Works normally otherwise.

On Tue, Mar 06, 2007 at 07:03:35PM -0600, Martin McCormick wrote:
>
> I found some cook-book instructions for running dhcpd in
> a chroot environment. The article is 4 years old and appears to
> be set up for FreeBSD5x, but it isn't far off for FreeBSD6.2
> which is what I need dhcpd to run on.
>

I run isc-dhcp3-server-3.0.5 from ports, started from /etc/rc.conf with the
following options:

    dhcpd_enable="YES"                        # dhcpd enabled?
    dhcpd_flags="-q"                          # command option(s)
    dhcpd_conf="/usr/local/etc/dhcpd.conf"    # configuration file
    dhcpd_ifaces=""                           # ethernet interface(s)
    dhcpd_withumask="022"                     # file creation mask
    dhcpd_chuser_enable="YES"                 # runs w/o privileges?
    dhcpd_withuser="dhcpd"                    # user name to run as
    dhcpd_withgroup="dhcpd"                   # group name to run as
    dhcpd_chroot_enable="YES"                 # runs chrooted?
    dhcpd_devfs_enable="YES"                  # use devfs if available?
    dhcpd_rootdir="/var/db/dhcpd"             # directory to run in
    dhcpd_includedir=""                       # directory with config-

Here's the full pkg-message:

[root@srv2]/usr/ports/net/isc-dhcp3-server $ make display-message

****  To setup dhcpd, you may have to copy /usr/local/etc/dhcpd.conf.sample
      to /usr/local/etc/dhcpd.conf for editing.

****  This port installs dhcp daemon, but don't invokes dhcpd by default. If
      you want to invoke dhcpd at startup, put these lines into /etc/rc.conf.

        dhcpd_enable="YES"                        # dhcpd enabled?
        dhcpd_flags="-q"                          # command option(s)
        dhcpd_conf="/usr/local/etc/dhcpd.conf"    # configuration file
        dhcpd_ifaces=""                           # ethernet interface(s)
        dhcpd_withumask="022"                     # file creation mask

****  If compiled with paranoia support (the default), the following lines
      are also supported:

        dhcpd_chuser_enable="YES"                 # runs w/o privileges?
        dhcpd_withuser="dhcpd"                    # user name to run as
        dhcpd_withgroup="dhcpd"                   # group name to run as
        dhcpd_chroot_enable="YES"                 # runs chrooted?
        dhcpd_devfs_enable="YES"                  # use devfs if available?
        dhcpd_makedev_enable="YES"                # use MAKEDEV instead?
        dhcpd_rootdir="/var/db/dhcpd"             # directory to run in
        dhcpd_includedir=""                       # directory with config-
                                                  # files to include
        dhcpd_flags="-early_chroot"               # needs full root

      WARNING: -early_chroot requires a jail(8) like environment to work.

      WARNING: dhcpd_devfs_enable and dhcpd_makedev_enable are mutually
               exclusive
               dhcpd_makedev_enable make NO sense on FreeBSD 5.x and up!

****  If compiled with jail support (the default), the following lines are
      also supported (-early_chroot and dhcpd_chroot_enable=YES are implied):

        dhcpd_jail_enable="YES"                   # runs imprisoned?
        dhcpd_hostname=""                         # jail hostname
        dhcpd_ipaddress=""                        # jail ip address

      WARNING: dhcpd_rootdir needs to point to a full jail(8) environment.

****  WARNING: never edit the chrooted or jailed dhcpd.conf file but
      /usr/local/etc/dhcpd.conf instead which is always copied where
      needed upon startup.

****  WARNING: /usr/local/etc/rc.isc-dhcpd.conf is obsolete. rc.conf like
      variables are still read there but should be moved /etc/rc.conf or
      /etc/rc.conf.d/dhcpd instead. Also, the dhcpd_options variable must
      be renamed dhcpd_flags if any.

-- 
Kelly D. Grills kdgrills@the-grills.com
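
Added example, not part of the original post and not code from the port: a POSIX sh lint for the dhcpd_* rc.conf variables that applies the warnings in the pkg-message quoted above (devfs/MAKEDEV mutual exclusion, -early_chroot, the obsolete dhcpd_options) plus two checks on chroot setups. The helper names rc_get, is_yes and lint_dhcpd_rc and the sample file are assumptions made for illustration; values containing "#" inside quotes are not handled.

```sh
# Added example (not port code): lint dhcpd_* rc.conf knobs against the
# pkg-message warnings. rc_get, is_yes, lint_dhcpd_rc are hypothetical names.
rc_get() {  # rc_get FILE KEY: last value assigned, comment and quotes stripped
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/'
}

is_yes() {  # the spellings rc.subr's checkyesno accepts as true
    case $1 in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac
    return 1
}

lint_dhcpd_rc() {  # one finding per line on stdout; returns 1 if any were found
    f=$1; n=0
    note() { echo "$f: $*"; n=$((n + 1)); }
    flags=$(rc_get "$f" dhcpd_flags)
    devfs=$(rc_get "$f" dhcpd_devfs_enable)
    makedev=$(rc_get "$f" dhcpd_makedev_enable)
    chuser=$(rc_get "$f" dhcpd_chuser_enable)
    jailed=no; is_yes "$(rc_get "$f" dhcpd_jail_enable)" && jailed=yes
    confined=$jailed; is_yes "$(rc_get "$f" dhcpd_chroot_enable)" && confined=yes
    if is_yes "$devfs" && is_yes "$makedev"; then
        note "dhcpd_devfs_enable and dhcpd_makedev_enable are mutually exclusive"
    fi
    # Only explicit non-YES values are flagged; the rc script's defaults are not assumed.
    if [ "$confined" = yes ] && [ -n "$devfs" ] && ! is_yes "$devfs" && ! is_yes "$makedev"; then
        note "chroot with dhcpd_devfs_enable=$devfs: check /dev/bpf* exists under dhcpd_rootdir"
    fi
    if [ "$confined" = yes ] && [ -n "$chuser" ] && ! is_yes "$chuser"; then
        note "chroot with dhcpd_chuser_enable=$chuser: dhcpd stays root inside it"
    fi
    case " $flags " in *" -early_chroot "*)
        [ "$jailed" = yes ] || note "-early_chroot needs a jail(8)-like dhcpd_rootdir" ;;
    esac
    [ -z "$(rc_get "$f" dhcpd_options)" ] || note "dhcpd_options is obsolete: rename to dhcpd_flags"
    [ "$n" -eq 0 ]
}

# Constructed sample (not from the thread) that trips four of the checks.
sample=$(mktemp /tmp/dhcpd-rc.XXXXXX)
cat > "$sample" <<'EOF'
dhcpd_flags="-q -early_chroot"   # needs full root
dhcpd_chroot_enable="YES"
dhcpd_chuser_enable="NO"
dhcpd_devfs_enable="NO"
dhcpd_options="-q"
EOF
lint_dhcpd_rc "$sample" || true
rm -f "$sample"
```

On a real host, point lint_dhcpd_rc at /etc/rc.conf or /etc/rc.conf.d/dhcpd; the settings listed in the message above produce no findings.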