Date: Sat, 27 Oct 2001 19:48:53 +0100 (BST)
Message-Id: <200110271848.TAA23141@splat.grant.org>
From: Michael Grant
Subject: Re: running a program as nobody

I wanted to run a daemon (call it food for some random daemon) as foo chrooted in /usr/local/food.

Here's what I ended up doing which seems to work:

In /usr/local/food/, I created a few files:

    bin/:         food sh su
    etc/:         group master.passwd
    usr/lib/:     libc.so.4 libm.so.2 libskey.so.2 libcrypt.so.2 libmd.so.2 libutil.so.3
    usr/libexec/: ld-elf.so.1

For bin/sh, I wrote a little program, just to be paranoid (otherwise su wanted a real shell):

    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>
    /* restricted "shell": refuse anything but food, then exec it */
    int main(int argc, char **argv)
    {
        if (argc < 2 || strcmp(argv[1], "food") != 0) exit(1);
        execvp(argv[1], &argv[1]);
        return 1;   /* only reached if execvp failed */
    }

(Purists will tell me that I should have done it all in C; it probably would have eliminated the need for sh, su, and some of the libs in the chroot tree.)

My master.passwd looks like this:

    # to generate: pwd_mkdb -d etc -p etc/master.passwd
    root:*:0:0:root:/:/bin/sh
    foo:*:1027:1027:foo daemon:/:/nonexistent

and group looks like this:

    foo:*:1027:

su and the libraries are straight copies from the real ones.

Then, to start my daemon:

    /usr/sbin/chroot /usr/local/food /bin/su -f -m foo food &