Date:      Fri, 15 Feb 2002 14:02:49 +0100
From:      Walter Hop <walter@binity.com>
To:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   chroot+su idea
Message-ID:  <18416867424.20020215140249@binity.com>

Hi all,

just like many people, I want to run my "dangerous" daemons as a
non-root user in a chroot environment. Now, I would usually use the
``su'', or ``chroot'' tools from the FreeBSD toolset in the creation
of an rc.d script, but the question that puzzles me is how to combine
these two measures?

1) su first, then chroot: impossible, as chroot needs to be run by
   root, so whenever I su to the user I cannot chroot anymore.

2) chroot first, then su: undesired, as I would have to move a suid
   root copy of the "su" tool into the chroot; also unpractical as I'd
   have to duplicate a lot of files into the chroot to satisfy su.

Is there a tool available that combines chroot and su? If not, a
chroot capability would be an interesting feature to add to the
FreeBSD ``su'' command in my opinion, e.g.

% su -l ircd -r /usr/local/ircd -c 'bin/ircd'

Any ideas or suggestions would be welcomed. If I have overlooked a
current solution for the chroot+su chicken/egg problem, I'd love to
submit a patch for su to add such a chroot parameter, but I could
imagine that the committer team is more conservative than I am. :)

Thanks!
walter

-- 
 Walter Hop <walter@binity.com> | +31 6 24290808 | PGP keyid 0x84813998

