cd /usr/ports less security/chrootuid/pkg-comment
A simple wrapper that combines chroot(8) and su(1) into one program gook luck, olivier On Fri, Feb 15, 2002 at 02:02:49PM +0100, Walter Hop wrote: > Hi all, > > just like many people, I want to run my "dangerous" daemons as a > non-root user in a chroot environment. Now, I would usually use the > ``su'', or ``chroot'' tools from the FreeBSD toolset in the creation > of an rc.d script, but the question that puzzles me is how to combine > these two measures? > > 1) su first, then chroot: impossible, as chroot needs to be run by > root, so whenever I su to the user I cannot chroot anymore. > > 2) chroot first, then su: undesired, as I would have to move a suid > root copy of the "su" tool into the chroot; also unpractical as I'd > have to duplicate a lot of files into the chroot to satisfy su. > > Is there a tool available that combines chroot and su? If not, a > chroot capability would be an interesting feature to add to the > FreeBSD ``su'' command in my opinion, e.g. > > % su -l ircd -r /usr/local/ircd -c 'bin/ircd' > > Any ideas or suggestions would be welcomed. If I have overlooked a > current solution for the chroot+su chicken/egg problem, I'd love to > submit a patch for su to add such a chroot parameter, but I could > imagine that the committer team is more conservative than I am. :) > > Thanks! > walter > > -- > Walter Hop <[EMAIL PROTECTED]> | +31 6 24290808 | PGP keyid 0x84813998 > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message -- Olivier Cortes GPG 1024/46CE0A51 : 8DB6 A56C 00CA DA0F F77F 86EB E86A 803C 46CE 0A51 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
