Hiawatha running under different system user in CHROOT

Jacob Oliver
27 July 2011, 12:43
Hiawatha version: 7.5
Operating System: Ubuntu 11.04 amd64

Hi, I'm attempting to set up a test server within a CHROOT jail with Hiawatha (gotta say, it's better than all the other crap I've come across).

I've managed to get the ports binding with privbind (in the Ubuntu repos), but there's an issue with PIDs needing root privileges.
I'm using POSIX ACLs to ensure the security of each directory, etc., and I have the permissions as they need to be configured.

My issue is that every time I start the server, I get an error saying it can't chown & chmod the PID file. Where would I be able to disable this? I'm happy with modifying the source if I need to, and if I do, which file would it be in?

Thanks in advance
Jacob Oliver
27 July 2011, 12:45
Oh, I almost forgot, I'm using sudo -i -u to change users, as well as in the Hiawatha config.
Hugo Leisink
27 July 2011, 12:59
The PID file is written via the log_pid() function in log.c, line 76. Let me know if you need some help with that.
Jacob Oliver
27 July 2011, 13:14
Thanks, and sure, I'm currently learning C++ so it shouldn't be too difficult.
Jacob Oliver
27 July 2011, 13:47
Okay, I have that done, and am looking at implementing PIDs to have permissions set through the config file, but that's easy (will complete later), but I'm getting an error which is just:
Error while changing root to /CHROOTDIR :/

Any ideas?
Thanks
Hugo Leisink
28 July 2011, 00:44
The error means that Hiawatha cannot set the root directory to "/CHROOTDIR :/", which doesn't look like a valid directory to me.
Jacob Oliver
6 August 2011, 20:30
Sorry for not replying for so long, I've been working with Samba4 (I'm doing a lot of work for the kinda things I wanna go into when I'm older).
I'm aware it's not a valid directory, I'm just not the kind of person to give away my entire file system layout online :/ I'm testing the ACLs now, but they seem to be okay. Are there any specific permissions Hiawatha needs (apart from execute for binaries) to run in a certain directory?
René
7 August 2011, 03:59
Security through obscurity. You know that a determined hacker with lots of time can hack your machine at any time...
Hugo Leisink
7 August 2011, 08:37
You need to start Hiawatha as root. Hiawatha will then chroot to the specified directory and drop root privileges.
This topic has been closed.
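
The sequence described in the last reply (start as root, chroot to the directory, then drop root privileges), as an added C example; it is not Hiawatha's code and not part of the thread. The function name `enter_jail`, the `jail_result` enum and the command-line arguments are hypothetical.

```c
/* Added illustration, not Hiawatha source; enter_jail and jail_result are hypothetical names. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum jail_result {
    JAIL_OK = 0,
    JAIL_ERR_BAD_ARGS,   /* relative path, or target uid/gid is 0 */
    JAIL_ERR_NOT_ROOT,   /* chroot(2) is a privileged call */
    JAIL_ERR_CHROOT,     /* chroot() or chdir() failed */
    JAIL_ERR_DROP,       /* could not switch groups/gid/uid */
    JAIL_ERR_STILL_ROOT  /* root could be regained after the drop */
};

/* Call after root-only work (binding low ports, writing the PID file) is done. */
enum jail_result enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/' || uid == 0 || gid == 0)
        return JAIL_ERR_BAD_ARGS;
    if (geteuid() != 0)
        return JAIL_ERR_NOT_ROOT;

    /* Move the working directory inside the new root so no handle outside it remains. */
    if (chroot(dir) != 0 || chdir("/") != 0)
        return JAIL_ERR_CHROOT;

    /* Supplementary groups, then gid, then uid: once the uid is dropped the others cannot change. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;

    /* Verify the drop is permanent: an attempt to become root again must fail. */
    if (setuid(0) == 0 || geteuid() == 0)
        return JAIL_ERR_STILL_ROOT;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <absolute-dir> <uid> <gid>\n", argv[0]);
        return 2;
    }
    enum jail_result r = enter_jail(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    printf("enter_jail: %d\n", (int)r);
    return r == JAIL_OK ? 0 : 1;
}
```

Run as an unprivileged user, the function returns `JAIL_ERR_NOT_ROOT` before touching anything, which corresponds to the situation in the thread where the server was started from a non-root account.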