Date: Sat, 27 Oct 2001 19:48:53 +0100 (BST)
From: Michael Grant <mg-fbsd2@grant.org>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Re: running a program as nobody
Message-ID: <200110271848.TAA23141@splat.grant.org>

I wanted to run a daemon (call it food for some random daemon) as foo
chrooted in /usr/local/food.
Here's what I ended up doing, which seems to work:
In /usr/local/food/, I created a few files:
bin/:
food sh su
etc:
group master.passwd
usr/lib:
libc.so.4 libm.so.2 libskey.so.2
libcrypt.so.2 libmd.so.2 libutil.so.3
usr/libexec:
ld-elf.so.1
for bin/sh, I wrote a little program, just to be paranoid (otherwise
su wanted a real shell):
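#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Stand-in for /bin/sh inside the chroot: it will only ever exec "food". */
int main(int argc, char **argv)
{
    if (argc < 2 || strcmp(argv[1], "food") != 0)  /* no argument, or not food */
        exit(1);
    execvp(argv[1], &argv[1]);
    return 1;  /* reached only if execvp() failed */
}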
(purists will tell me that I should have done it all in C, it probably
would have eliminated the need for sh, su, and some of the libs in the
chroot tree).
my master.passwd looks like this:
# to generate: pwd_mkdb -d etc -p etc/master.passwd
root:*:0:0:root:/:/bin/sh
foo:*:1027:1027:foo daemon:/:/nonexistent
and group looks like this:
foo:*:1027:
su and the libraries are straight copies from the real ones.
Then, to start my daemon:
/usr/sbin/chroot /usr/local/food /bin/su -f -m foo food &
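
The "all in C" variant the post mentions could look like the following. This is an added example, not part of the original message: the launcher runs as root from outside the tree, so no sh, su or password database is needed inside it. The function name confine_and_drop and the /bin/food path are assumptions; the uid/gid 1027 and /usr/local/food come from the post.

```c
#define _DEFAULT_SOURCE 1   /* glibc only: expose chroot() and setgroups() */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Assumed values, taken from the post's master.passwd/group and layout. */
#define FOOD_ROOT "/usr/local/food"
#define FOOD_UID  1027
#define FOOD_GID  1027

/*
 * Enter the jail and give up root for good. Order matters: chroot() and
 * setgroups() need root, so they come first; the gid is dropped before the
 * uid, because after setuid() the process can no longer change its groups.
 * Returns 0 on success, -1 on the first failure (errno is set).
 */
int confine_and_drop(const char *root, uid_t uid, gid_t gid)
{
    gid_t groups[1] = { gid };

    if (chdir(root) != 0 || chroot(".") != 0)  /* cwd ends up inside new root */
        return -1;
    if (setgroups(1, groups) != 0)             /* discard root's group list */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    (void)argc;
    if (confine_and_drop(FOOD_ROOT, FOOD_UID, FOOD_GID) != 0) {
        perror("confine_and_drop");
        return 1;
    }
    /* Path is relative to the new root, i.e. /usr/local/food/bin/food. */
    argv[0] = "food";
    execv("/bin/food", argv);
    perror("execv /bin/food");
    return 1;
}
```

If food is dynamically linked, its shared libraries and ld-elf.so.1 still have to be present under the chroot tree.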
