Zope / Apsis / Pound Mailing List / Archive / 2004 / 2004-06
I thought it was not a good idea to launch programs in a root jails as root
I thought it was not a good idea to launch programs in a root jails as root
john.underwood(at)gmrworks.com | 2004-06-28 18:23:17
So then why does pound require that it be launched by "root"? This
precludes the option of using a program like "runchroot" to launch the
application, does it not?
Thanks for the help.

Re: I thought it was not a good idea to launch programs in a root jails as root
Robert Segall <roseg(at)apsis.ch> | 2004-06-28 18:43:35
On Monday 28 June 2004 18.23, john.underwood(at)gmrworks.com wrote:[...]
You don't need Pound to be run as root unless you need some features which
require the permissions:
- unless root you can't bind to low ports (80 is typical of HTTP)
- you can't run setuid/setgid unless you start out as root
- if you have SSL certificates you'll usually protect them by setting
permission 400, owner root
If you don't need these features then root is not required - Pound will
happily run as any user. If your issue is only chroot then you can always
start Pound as root but define RootJail, User and Group to whatever you
like.[...]

Re: I thought it was not a good idea to launch programs in a root jails as root
john.underwood(at)gmrworks.com | 2004-06-28 21:05:26
> If you don't need these features then root is not required - Pound will
> happily run as any user. If your issue is only chroot then you can always
> start Pound as root but define RootJail, User and Group to whatever you
> like.
Sorry to be thick but....
Assuming that:
1.) my root jail is set up correctly with the needed files and structure.
2.) pound.cfg defines RootJail, User and Group
3.) I call the script from a system boot-time script
pound will chroot to that jail, as root, and start itself as that user
jail?

Re: I thought it was not a good idea to launch programs in a root jails as root
Robert Segall <roseg(at)apsis.ch> | 2004-06-29 17:53:04
On Monday 28 June 2004 21.05, john.underwood(at)gmrworks.com wrote:[...]
I'm not sure what you mean by "user jail".
Otherwise: yes. Define the three directives and Pound will chroot to the
directory and run setuid/setgid.
For more info try the man page/README/FAQ.[...]
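
The startup order this reply confirms (start as root, chroot into RootJail, then setgid/setuid to Group and User), sketched in C as an added example. It is not Pound's source code; the function names and result codes are hypothetical, and Linux with glibc is assumed.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_ERR_CHROOT, DROP_ERR_GROUPS,
                   DROP_ERR_GID, DROP_ERR_UID, DROP_ERR_STILL_ROOT };

/* Added illustration, not Pound's code. Call after binding low ports and
 * reading root-only key files: chroot() needs root, and the gid must change
 * before the uid, since an unprivileged process can no longer change groups. */
static int jail_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) != 0 || chdir("/") != 0)   /* chdir keeps cwd inside the jail */
        return DROP_ERR_CHROOT;
    if (setgroups(1, &gid) != 0)                /* discard root's supplementary groups */
        return DROP_ERR_GROUPS;
    if (setgid(gid) != 0)
        return DROP_ERR_GID;
    if (setuid(uid) != 0)
        return DROP_ERR_UID;
    if (setuid(0) == 0 || geteuid() == 0)       /* the drop must be irreversible */
        return DROP_ERR_STILL_ROOT;
    return DROP_OK;
}

/* Runs the sequence in a forked child; returns its drop_result, or -1. */
int try_drop_in_child(const char *jail, uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(jail_and_drop(jail, uid, gid));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 4)
        return 2;                               /* usage: prog <jail-dir> <uid> <gid> */
    int r = try_drop_in_child(argv[1], (uid_t)atol(argv[2]), (gid_t)atol(argv[3]));
    printf("drop result: %d (0 = jailed and unprivileged)\n", r);
    return r == DROP_OK ? 0 : 1;
}
```

Started without root, the first step fails and the result is DROP_ERR_CHROOT, which is why the daemon has to be launched as root for the jail to take effect.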

Re: I thought it was not a good idea to launch programs in a root jails as root
john.underwood(at)gmrworks.com | 2004-06-29 19:31:35
"Jail" is the name of the user that I created to use in pound.cfg.
I read the man and readme about 10 times in an attempt not to post a
"stupid user" question. I just was not grasping that pound would take care
of the chroot itself. I was simply making it harder than it is. After a
clean install my system is working great.
Thanks for an excellent piece of work that fits our needs perfectly.
John Underwood
Manager of Network Operations
General Motors R* Works
517.279.6557