From owner-freebsd-hackers Thu Oct 4 16:32:19 2001 Delivered-To: freebsd-hackers@freebsd.org Received: from hotmail.com (f5.law9.hotmail.com [64.4.9.5]) by hub.freebsd.org (Postfix) with ESMTP id 3222837B405 for ; Thu, 4 Oct 2001 16:32:17 -0700 (PDT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 4 Oct 2001 16:32:17 -0700 Received: from 207.195.92.134 by lw9fd.law9.hotmail.msn.com with HTTP; Thu, 04 Oct 2001 23:32:16 GMT X-Originating-IP: [207.195.92.134] From: "Thierry Black" To: freebsd-hackers@freebsd.org Subject: chroot Date: Thu, 04 Oct 2001 17:32:16 -0600 Mime-Version: 1.0 Content-Type: text/html Message-ID: X-OriginalArrivalTime: 04 Oct 2001 23:32:17.0038 (UTC) FILETIME=[CDD6A2E0:01C14D2C] Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG
hello...
 
I am writing one simple network server, and can make the daemon and network code work ok, but I want my server to chroot during the initialization.  The problem is this server by design is designed to be installed and run by normal users, and chroot() can only be called by superuser. Because normal users might compile & install it, the server cant be made suid root. (I know normal procedure is to run as root, chroot and drop privileges, but that wont work).
 
I have 2 questions:
Why can superuser only use chroot()? (What if normal users could only chroot() to directories in current chroot() environment?)
 
Is there anything I can do to restrict directory acacess in my program, or simulate chroot in some other way?
 
If possible I want my solution to work on otehr bsd platforms as much as possible too.
 
thank you
 
 
 
thierry
 

Get your FREE download of MSN Explorer at http://explorer.msn.com
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message