Greetings.... I just spent a very frustrating evening attempting to chroot bind and run it as a non-root user. The instructions that I was following were written for Red Hat. I use Debian. The main difference in the instructions between the two distributions involved the use of /etc/rc.d by Red Hat and /etc/init.d by Debian (and the way that the scripts in those two directories actually start and stop various services).
The main problem seems to be with the way that Debian starts bind using the script /etc/init.d/bind. I thought it would be really neat to just change the #!/bin/sh at the top of the script to something like:

    #!/usr/sbin/chroot /chroot-dns/ /bin/sh

or

    #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh

but I was getting various errors like "can't change root to /chroot-dns/" and "/chroot-dns/bin/sh file or directory not found" (and, yes, I even created a subdirectory within /chroot-dns/ called chroot-dns and duplicated all the necessary components).

OK, so I figured that some obscure niche problem with shell invocation or usage was preventing this from working; so, I focused my attention on the start-stop-daemon utility used in the script. Initially, I tried chrooting the start-stop-daemon utility itself, but that failed. I then realized that it would be better to --exec /usr/sbin/chroot rather than attempt to chroot the start-stop-daemon. The main problem with this is that start-stop-daemon would never return from its --exec /usr/sbin/chroot, effectively hanging up the script at that point.

All of this was being done remotely, and I made the mistake of rebooting the box with this script in place. I have to stop by the remote site and fix/reboot the box in person.

Anyone with any clues on how to easily and effectively chroot bind under Debian? Worst case, I will rewrite the /etc/init.d/bind script to use something other than start-stop-daemon, but I'd really like to stick with the mood and tone set by /etc/init.d.

As always, TiA....