In NetBSD and FreeBSD, rc(8) supports running chroot(8) out of the box; it will automatically set up the jailed environment, including the creation of a /var/run/log socket inside the chroot so that syslogd(8) still works. rc.subr(8) further describes the user, group, groups, and chroot variables.

Here's an example of a custom statically linked program without built-in chroot capability running with dropped privileges through the rc(8) framework:

# $NetBSD: ircd-hybrid.sh,v 1.2 2003/08/23 10:52:50 seb Exp $

# PROVIDE: ircdhybrid

# REQUIRE: DAEMON name="ircdhybrid" rcvar=$name pidfile="/usr/local/ircd/etc/ircd.pid" command="/usr/local/ircd/bin/ircd" command_args="> /dev/null 2>&1 &" conffile="/usr/local/ircd/etc/ircd.conf" required_files="$conffile"

start_precmd=ircd_hybrid_precmd ircd_hybrid_precmd () {

/usr/bin/touch $pidfile && /usr/sbin/chown irc $pidfile && /bin/chmod 600 $pidfile

# without chroot, _group and _groups are derived from the passwd database.

# with chroot, _group and _groups must both be specified or root's will be kept.

: ${_user:=irc} : ${_group:=irc} : ${_groups:=irc} rc_flags="-foreground $rc_flags"

. /etc/rc.subr load_rc_config $name run_rc_command "$1"

To call this rc script, add these lines to /etc/rc.conf:





ircdhybrid_flags="-configfile /usr/local/ircd/etc/ircd.conf"

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment