From owner-freebsd-hackers Fri Feb 15 5:26:57 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from avocet.prod.itd.earthlink.net (avocet.mail.pas.earthlink.net [207.217.120.50]) by hub.freebsd.org (Postfix) with ESMTP id 3814B37B404 for ; Fri, 15 Feb 2002 05:26:55 -0800 (PST) Received: from pool0097.cvx22-bradley.dialup.earthlink.net ([209.179.198.97] helo=mindspring.com) by avocet.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16biNq-0002ym-00; Fri, 15 Feb 2002 05:26:39 -0800 Message-ID: <3C6D0C85.4D058346@mindspring.com> Date: Fri, 15 Feb 2002 05:26:29 -0800 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Walter Hop Cc: FreeBSD Hackers Subject: Re: chroot+su idea References: <18416867424.20020215140249@binity.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Walter Hop wrote: > Is there a tool available that combines chroot and su? If not, a > chroot capability would be an interesting feature to add to the > FreeBSD ``su'' command in my opinion, e.g. > > % su -l ircd -r /usr/local/ircd -c 'bin/ircd' > > Any ideas or suggestions would be welcomed. If I have overlooked a > current solution for the chroot+su chicken/egg problem, I'd love to > submit a patch for su to add such a chroot parameter, but I could > imagine that the committer team is more conservative than I am. :) Don't use "su". Use the systemcalls "setgig" and "setuid" to drop priviledges in the program itself. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message