Date: Tue, 6 Mar 2007 20:35:01 -0600
From: "Kelly D. Grills" <kdgrills@the-grills.com>
To: freebsd-questions@freebsd.org
Subject: Re: DHCP Server V3.0.5 No BPF under chroot. Works normally otherwise.
Message-ID: <20070307023501.GA44021@the-grills.com>
In-Reply-To: <200703070103.l2713Zq1069879@dc.cis.okstate.edu>
References: <200703070103.l2713Zq1069879@dc.cis.okstate.edu>
On Tue, Mar 06, 2007 at 07:03:35PM -0600, Martin McCormick wrote:
>
> 	I found some cook-book instructions for running dhcpd in
> a chroot environment. The article is 4 years old and appears to
> be set up for FreeBSD5x, but it isn't far off for FreeBSD6.2
> which is what I need dhcpd to run on.
>

I run isc-dhcp3-server-3.0.5 from ports, started from /etc/rc.conf with
the following options:

dhcpd_enable="YES"                      # dhcpd enabled?
dhcpd_flags="-q"                        # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf"  # configuration file
dhcpd_ifaces=""                         # ethernet interface(s)
dhcpd_withumask="022"                   # file creation mask
dhcpd_chuser_enable="YES"               # runs w/o privileges?
dhcpd_withuser="dhcpd"                  # user name to run as
dhcpd_withgroup="dhcpd"                 # group name to run as
dhcpd_chroot_enable="YES"               # runs chrooted?
dhcpd_devfs_enable="YES"                # use devfs if available?
dhcpd_rootdir="/var/db/dhcpd"           # directory to run in
dhcpd_includedir=""                     # directory with config-

Here's the full pkg-message:

[root@srv2]/usr/ports/net/isc-dhcp3-server $ make display-message

****  To setup dhcpd, you may have to copy /usr/local/etc/dhcpd.conf.sample
      to /usr/local/etc/dhcpd.conf for editing.

****  This port installs dhcp daemon, but don't invokes dhcpd by default. If
      you want to invoke dhcpd at startup, put these lines into /etc/rc.conf.

            dhcpd_enable="YES"                          # dhcpd enabled?
            dhcpd_flags="-q"                            # command option(s)
            dhcpd_conf="/usr/local/etc/dhcpd.conf"      # configuration file
            dhcpd_ifaces=""                             # ethernet interface(s)
            dhcpd_withumask="022"                       # file creation mask

****  If compiled with paranoia support (the default), the following lines
      are also supported:

            dhcpd_chuser_enable="YES"                   # runs w/o privileges?
            dhcpd_withuser="dhcpd"                      # user name to run as
            dhcpd_withgroup="dhcpd"                     # group name to run as
            dhcpd_chroot_enable="YES"                   # runs chrooted?
            dhcpd_devfs_enable="YES"                    # use devfs if available?
            dhcpd_makedev_enable="YES"                  # use MAKEDEV instead?
            dhcpd_rootdir="/var/db/dhcpd"               # directory to run in
            dhcpd_includedir="<some_dir>"               # directory with config-
                                                          files to include
            dhcpd_flags="-early_chroot"                 # needs full root

      WARNING: -early_chroot requires a jail(8) like environment to work.

      WARNING: dhcpd_devfs_enable and dhcpd_makedev_enable are mutually
               exclusive
               dhcpd_makedev_enable make NO sense on FreeBSD 5.x and up!

****  If compiled with jail support (the default), the following lines are
      also supported (-early_chroot and dhcpd_chroot_enable=YES are implied):

            dhcpd_jail_enable="YES"                     # runs imprisoned?
            dhcpd_hostname="<hostname>"                 # jail hostname
            dhcpd_ipaddress="<ip address>"              # jail ip address

      WARNING: dhcpd_rootdir needs to point to a full jail(8) environment.

****  WARNING: never edit the chrooted or jailed dhcpd.conf file but
      /usr/local/etc/dhcpd.conf instead which is always copied where
      needed upon startup.

****  WARNING: /usr/local/etc/rc.isc-dhcpd.conf is obsolete. rc.conf like
      variables are still read there but should be moved /etc/rc.conf or
      /etc/rc.conf.d/dhcpd instead. Also, the dhcpd_options variable must
      be renamed dhcpd_flags if any.

-- 
Kelly D. Grills
kdgrills@the-grills.com
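
The WARNING lines in the pkg-message quoted above can be checked mechanically against an rc.conf-style file. The sh script below is an added example, not part of the original message or of the port; its function names, finding labels and sample settings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit dhcpd_* rc.conf variables against the pkg-message warnings.

# Print the last value assigned to VAR in FILE, quotes and trailing comment stripped.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Same truth values that rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line; the exit status is the number of findings.
audit_dhcpd_rc() {
    f=$1; n=0
    chuser=$(rc_get "$f" dhcpd_chuser_enable)
    chroot=$(rc_get "$f" dhcpd_chroot_enable)
    jail=$(rc_get "$f" dhcpd_jail_enable)
    devfs=$(rc_get "$f" dhcpd_devfs_enable)
    makedev=$(rc_get "$f" dhcpd_makedev_enable)
    flags=$(rc_get "$f" dhcpd_flags)
    is_yes "$chuser" || { echo "CHUSER: dhcpd_chuser_enable is not YES"; n=$((n + 1)); }
    # Per the pkg-message, dhcpd_jail_enable implies dhcpd_chroot_enable.
    is_yes "$chroot" || is_yes "$jail" ||
        { echo "CHROOT: neither chroot nor jail is enabled"; n=$((n + 1)); }
    if is_yes "$makedev"; then
        echo "MAKEDEV: dhcpd_makedev_enable makes no sense on FreeBSD 5.x and up"; n=$((n + 1))
        if is_yes "$devfs"; then echo "EXCLUSIVE: devfs and makedev both set"; n=$((n + 1)); fi
    fi
    case " $flags " in
        *" -early_chroot "*)
            is_yes "$jail" ||
                { echo "EARLY_CHROOT: needs a jail(8)-like dhcpd_rootdir"; n=$((n + 1)); } ;;
    esac
    return "$n"
}

# Constructed sample settings (not from the page): both device options, -early_chroot, no jail.
sample_rc() {
    printf '%s\n' 'dhcpd_flags="-q -early_chroot"  # needs full root' 'dhcpd_chuser_enable="YES"' \
        'dhcpd_chroot_enable="YES"' 'dhcpd_devfs_enable="YES"' 'dhcpd_makedev_enable="YES"'
}
tmp=$(mktemp); sample_rc > "$tmp"; audit_dhcpd_rc "$tmp" || true; rm -f "$tmp"
```

Run against the rc.conf settings listed at the top of the message, the audit reports no findings.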