Date:      Fri, 15 Feb 2002 14:19:52 +0100
From:      Olivier Cortes <olive@deep-ocean.org>
To:        Walter Hop <walter@binity.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: chroot+su idea
Message-ID:  <20020215141952.B81502@neptune.deep-ocean.local>
In-Reply-To: <18416867424.20020215140249@binity.com>; from walter@binity.com on Fri, Feb 15, 2002 at 02:02:49PM +0100
References:  <18416867424.20020215140249@binity.com>


cd /usr/ports
less security/chrootuid/pkg-comment


A simple wrapper that combines chroot(8) and su(1) into  one  program


good luck,

olivier


On Fri, Feb 15, 2002 at 02:02:49PM +0100, Walter Hop wrote:
> Hi all,
> 
> just like many people, I want to run my "dangerous" daemons as a
> non-root user in a chroot environment. Now, I would usually use the
> ``su'', or ``chroot'' tools from the FreeBSD toolset in the creation
> of an rc.d script, but the question that puzzles me is how to combine
> these two measures?
> 
> 1) su first, then chroot: impossible, as chroot needs to be run by
>    root, so whenever I su to the user I cannot chroot anymore.
> 
> 2) chroot first, then su: undesired, as I would have to move a suid
>    root copy of the "su" tool into the chroot; also unpractical as I'd
>    have to duplicate a lot of files into the chroot to satisfy su.
> 
> Is there a tool available that combines chroot and su? If not, a
> chroot capability would be an interesting feature to add to the
> FreeBSD ``su'' command in my opinion, e.g.
> 
> % su -l ircd -r /usr/local/ircd -c 'bin/ircd'
> 
> Any ideas or suggestions would be welcomed. If I have overlooked a
> current solution for the chroot+su chicken/egg problem, I'd love to
> submit a patch for su to add such a chroot parameter, but I could
> imagine that the committer team is more conservative than I am. :)
> 
> Thanks!
> walter
> 
> -- 
>  Walter Hop <walter@binity.com> | +31 6 24290808 | PGP keyid 0x84813998
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
--
Olivier Cortes
GPG 1024/46CE0A51 : 8DB6 A56C 00CA DA0F F77F  86EB E86A 803C 46CE 0A51
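
The ordering problem raised in the quoted message (chroot needs root, so it must happen before the switch to the unprivileged user, and the user lookup must happen before the chroot so that no passwd files are needed inside the new root) can be shown in a short C wrapper. This is an added example, not code from this thread or from the chrootuid port; the names lookup_user and chroot_and_drop and the argument order are hypothetical.

```c
#define _DEFAULT_SOURCE   /* glibc: declare chroot(2) and setgroups(2) */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Resolve the account while the real /etc/passwd is still reachable;
 * after chroot(2) the lookup would need passwd files inside the new root. */
static int lookup_user(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid; *gid = pw->pw_gid;
    return 0;
}

/* Enter the new root as root, then give up root for good.
 * Returns 0 on success, or the negative number of the step that failed. */
static int chroot_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (chdir(dir) != 0)            return -1;
    if (chroot(".") != 0)           return -2; /* needs root: must precede setuid */
    if (chdir("/") != 0)            return -3; /* no cwd left outside the new root */
    if (setgroups(1, &gid) != 0)    return -4; /* drop root's supplementary groups */
    if (setgid(gid) != 0)           return -5; /* group first: after setuid it fails */
    if (setuid(uid) != 0)           return -6;
    if (uid != 0 && setuid(0) == 0) return -7; /* root must not be recoverable */
    return 0;
}

/* Hypothetical usage: wrapper newroot user command [args...] */
int main(int argc, char **argv)
{
    uid_t uid; gid_t gid; int rc;
    if (argc < 4) {
        fprintf(stderr, "usage: %s newroot user command [args...]\n", argv[0]);
        return 2;
    }
    if (lookup_user(argv[2], &uid, &gid) != 0) {
        fprintf(stderr, "unknown user %s\n", argv[2]);
        return 1;
    }
    if ((rc = chroot_and_drop(argv[1], uid, gid)) != 0) {
        fprintf(stderr, "privilege drop failed at step %d\n", -rc);
        return 1;
    }
    execv(argv[3], &argv[3]);   /* path is resolved inside the new root */
    perror("execv");
    return 1;
}
```

Because the exec happens after both steps, no setuid-root binary and no copy of su has to exist inside the new root.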
