
Re: chrooting bind under debian 2.0



	I would have expected this to be quite simple, just a matter of
inserting a "chroot <dirname>" into the --exec line of start-stop-daemon.
Since that's not working, maybe a small addition to start-stop-daemon
that would allow for a --chroot option could deal with this special case of
executing daemons?
	In the meantime I would use fuser and the named.pid file to
emulate the basic function of start-stop-daemon.
							thanks,
							Robert

On Tue, 14 Jul 1998, cfb wrote:

: Date: Tue, 14 Jul 1998 22:15:01 +0900
: From: cfb <cfb@ocn21.kdd-ok.ne.jp>
: To: linuxisp@jeffnet.org
: Subject: chrooting bind under debian 2.0
: Resent-Date: Mon, 13 Jul 1998 20:51:32 -0700
: Resent-From: linuxisp@friendly.jeffnet.org
: 
: Greetings....
: 
: I just spent a very frustrating evening attempting to chroot bind and
: run it as a non-root user.  The instructions that I was following were
: written for redhat.  I use debian.  The main difference in the
: instructions between the two distributions involved the use of /etc/rc.d
: by redhat and /etc/init.d by debian (and the way that the scripts in
: those two directories actually start and stop various services).
: 
: The main problem seems to be with the way that debian starts bind using
: the script /etc/init.d/bind.  I thought it would be really neat to just
: change the #!/bin/sh at the top of the script to something like :
:    #!/usr/sbin/chroot /chroot-dns/ /bin/sh
: or
:    #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
: but I was getting various errors like "can't change root to
: /chroot-dns/" and "/chroot-dns/bin/sh file or directory not found" (and,
: yes, I even created a subdirectory within /chroot-dns/ called chroot-dns
: and duplicated all the necessary components).
: 
: Ok, so I figured that some obscure niche problem with shell invocation
: or usage was preventing this from working; so, I focused my attention on
: the start-stop-daemon utility used in the script.  Initially, I tried
: chrooting the start-stop-daemon utility itself, but that failed.  I then
: realized that it would be better to --exec /usr/sbin/chroot rather than
: attempt to chroot the start-stop-daemon.  
: 
: The main problem with this is that start-stop-daemon would never return
: from its --exec /usr/sbin/chroot, effectively hanging up the script at
: that point.  All of this was being done remotely, and I made the mistake
: of rebooting the box with this script in place.  I have to stop by the
: remote site and fix/reboot the box in person.
: 
: Anyone with any clues on how to easily and effectively chroot bind under
: debian?  Worst case, I will rewrite the /etc/init.d/bind script to use
: something other than start-stop-daemon, but I'd really like to stick
: with the mood and tone (look and feel) set by /etc/init.d
: 
: As always, TiA....
: 
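
The pid-file approach suggested in the reply above, as an added example (not code from the thread or from Debian's init scripts): start the daemon through chroot directly and stop it via its pid file, without start-stop-daemon. The jail path /chroot-dns comes from the thread; the daemon path, pid-file location and function names are assumptions, and liveness is checked with kill -0 rather than fuser.

```shell
#!/bin/sh
# Added example: pid-file start/stop for a daemon run inside a chroot jail.
# Assumed layout (override via environment): jail at /chroot-dns, daemon at
# /usr/sbin/named inside the jail, pid file under the jail's var/run.
JAIL=${JAIL:-/chroot-dns}
DAEMON=${DAEMON:-/usr/sbin/named}   # path as seen from inside the jail
PIDFILE=${PIDFILE:-$JAIL/var/run/named.pid}
CHROOT=${CHROOT:-/usr/sbin/chroot}

# Print the recorded pid only if it names a live process; a stale file fails.
running_pid() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(head -n 1 "$PIDFILE" | tr -cd '0-9')
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null || return 1
    echo "$pid"
}

start_daemon() {
    if running_pid >/dev/null; then echo "already running"; return 0; fi
    # The binary must exist inside the jail: chroot resolves DAEMON against
    # the new root, not the host filesystem.
    [ -x "$JAIL$DAEMON" ] || { echo "missing $JAIL$DAEMON" >&2; return 1; }
    # Assumes the daemon backgrounds itself and writes PIDFILE on startup.
    "$CHROOT" "$JAIL" "$DAEMON" "$@"
}

stop_daemon() {
    # Nothing live behind the pid file: clear the stale file and succeed.
    pid=$(running_pid) || { rm -f "$PIDFILE"; return 0; }
    kill -TERM "$pid"
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 10 ]; do
        sleep 1; i=$((i + 1))
    done
    # Still alive after 10 seconds: report failure, keep the pid file.
    kill -0 "$pid" 2>/dev/null && return 1
    rm -f "$PIDFILE"
}

case "${1:-}" in
    start)  shift; start_daemon "$@" ;;
    stop)   stop_daemon ;;
    status) running_pid ;;
esac
```

Because the start path calls chroot and returns, a failure inside the jail surfaces as a non-zero exit instead of a hung boot script.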

