From owner-freebsd-hackers  Fri Feb 15 20:20:17 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87])
	by hub.freebsd.org (Postfix) with ESMTP id 55C2237B41A
	for <freebsd-hackers@freebsd.org>; Fri, 15 Feb 2002 20:20:11 -0800 (PST)
Received: from InterJet.elischer.org ([12.232.206.8])
          by rwcrmhc54.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020216042011.XNRI1214.rwcrmhc54.attbi.com@InterJet.elischer.org>;
          Sat, 16 Feb 2002 04:20:11 +0000
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id UAA39570;
	Fri, 15 Feb 2002 20:17:57 -0800 (PST)
Date: Fri, 15 Feb 2002 20:17:56 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: Walter Hop <walter@binity.com>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: chroot+su idea
In-Reply-To: <18416867424.20020215140249@binity.com>
Message-ID: <Pine.BSF.4.21.0202152017270.39539-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

check out 'jail'

start the daemon within the startup script of the jail.



On Fri, 15 Feb 2002, Walter Hop wrote:

> Hi all,
> 
> just like many people, I want to run my "dangerous" daemons as a
> non-root user in a chroot environment. Now, I would usually use the
> ``su'', or ``chroot'' tools from the FreeBSD toolset in the creation
> of an rc.d script, but the question that puzzles me is how to combine
> these two measures?
> 
> 1) su first, then chroot: impossible, as chroot needs to be run by
>    root, so whenever I su to the user I cannot chroot anymore.
> 
> 2) chroot first, then su: undesired, as I would have to move a suid
>    root copy of the "su" tool into the chroot; also unpractical as I'd
>    have to duplicate a lot of files into the chroot to satisfy su.
> 
> Is there a tool available that combines chroot and su? If not, a
> chroot capability would be an interesting feature to add to the
> FreeBSD ``su'' command in my opinion, e.g.
> 
> % su -l ircd -r /usr/local/ircd -c 'bin/ircd'
> 
> Any ideas or suggestions would be welcomed. If I have overlooked a
> current solution for the chroot+su chicken/egg problem, I'd love to
> submit a patch for su to add such a chroot parameter, but I could
> imagine that the committer team is more conservative than I am. :)
> 
> Thanks!
> walter
> 
> -- 
>  Walter Hop <walter@binity.com> | +31 6 24290808 | PGP keyid 0x84813998
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message