Preemptive strategies

Chris Buxton cbuxton at menandmice.com
Thu Sep 18 09:58:31 PDT 2008


I'm not familiar with 'runas' for Linux. (There's a Windows command of  
that name...) On the surface, it sounds like 'sudo'.

'sudo' can be handy for starting a service in a chroot jail with its  
uid already set to an unprivileged user. The process can be assigned  
the necessary privileges to then open ports for listening, open a log  
socket for writing, etc.

jailkit's socketd, as mentioned by Heiko Zuerker, looks really handy  
if you want a jailed service to log to syslogd. Most syslogd  
implementations can only create one log socket. The syslogd from  
syslog-ng can, but for example if you're using busybox's syslogd,  
you're otherwise out of luck.

http://olivier.sessink.nl/jailkit/jk_socketd.8.html

Chris Buxton
Professional Services
Men & Mice

On Sep 17, 2008, at 8:00 PM, Robert Connolly wrote:

> On Monday September 15 2008 12:21:16 pm Chris Buxton wrote:
>> I have some experience with chroot jails, including setting them up
>> from scratch and debugging them.
>
> Do you use the 'runas' program? Are there reasons not to use it?
>
> robert
> -- 
> http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
> FAQ: http://www.linuxfromscratch.org/faq/
> Unsubscribe: See the above information page




More information about the hlfs-dev mailing list