cbuxton at menandmice.com
Fri Sep 19 08:30:12 PDT 2008
On Sep 19, 2008, at 12:40 AM, Jan Dvorak wrote:
> On Thursday 18 September 2008 18:58:31 Chris Buxton wrote:
>> I'm not familiar with 'runas' for Linux. (There's a Windows command
>> by that name...) On the surface, it sounds like 'sudo'.
> runas is much simpler and merely starts a process with a given user,
> and optionally after a chroot call.
OK then. It sounds like we can try using this to confine services to
chroot jails, although a combination of 'sudo', 'chgrp', and 'chroot'
would work as well. We still need to use libcap2 to assign the right
to open a privileged port, as needed, and there may be more. Each
service started this way will need to be thoroughly tested.
We also need to configure the correct security settings to make sure
that processes don't break out of chroot jails.
Men & Mice
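
One way to test a service started this way, as an added example that is not part of the original message or of any HLFS script: audit the text of /proc/<pid>/status and confirm the jailed process is not root and holds no capability beyond the right to open a privileged port. The function names, the sample status texts and the choice of which capabilities count as jail-breaking are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
#define BIT(n) (1ULL << (n))
#define NET_BIND_SERVICE BIT(10)   /* bind to ports below 1024 */
/* Capabilities that defeat a chroot jail (this example's selection). */
#define ESCAPE_CAPS (BIT(6) /* SETGID */ | BIT(7) /* SETUID */ | \
                     BIT(18) /* SYS_CHROOT */ | BIT(21) /* SYS_ADMIN */ | \
                     BIT(27) /* MKNOD */)

enum { JAIL_OK = 0, JAIL_ROOT_UID = 1, JAIL_ESCAPE_CAP = 2,
       JAIL_EXTRA_CAP = 4, JAIL_PARSE_ERROR = 8 };

/* Constructed samples of /proc/<pid>/status, not captured from a real host. */
static const char SAMPLE_CONFINED[] =
    "Name:\tnamed\nUid:\t25\t25\t25\t25\nGid:\t25\t25\t25\t25\n"
    "CapPrm:\t0000000000000400\nCapEff:\t0000000000000400\n";
static const char SAMPLE_ROOT[] =
    "Name:\tnamed\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n"
    "CapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n";

/* Return the start of the line that begins with key, or NULL. */
static const char *find_line(const char *text, const char *key)
{
    size_t klen = strlen(key);
    while (text && *text) {
        if (strncmp(text, key, klen) == 0)
            return text;
        text = strchr(text, '\n');
        if (text)
            text++;
    }
    return NULL;
}

/* Audit one status text; returns a bitmask of JAIL_* findings. */
int audit_jailed_service(const char *status, int needs_low_port)
{
    const char *u = find_line(status, "Uid:");
    const char *p = find_line(status, "CapPrm:");
    const char *e = find_line(status, "CapEff:");
    unsigned r, ef, s, fs;          /* real, effective, saved, fs uid */
    unsigned long long prm, eff, held, allowed;
    int findings = JAIL_OK;

    if (!u || !p || !e || sscanf(u, "Uid: %u %u %u %u", &r, &ef, &s, &fs) != 4 ||
        sscanf(p, "CapPrm: %llx", &prm) != 1 || sscanf(e, "CapEff: %llx", &eff) != 1)
        return JAIL_PARSE_ERROR;
    held = prm | eff;
    allowed = needs_low_port ? NET_BIND_SERVICE : 0;
    if (r == 0 || ef == 0 || s == 0 || fs == 0)
        findings |= JAIL_ROOT_UID;      /* root can leave a chroot */
    if (held & ESCAPE_CAPS)
        findings |= JAIL_ESCAPE_CAP;
    if (held & ~allowed)
        findings |= JAIL_EXTRA_CAP;     /* more than the one needed right */
    return findings;
}
```

On a live system the status text would be read from /proc/<pid>/status of each service after it has started and passed to `audit_jailed_service`.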