Copyright (C) 2001, Luciano Rocha <strange@cryogen.com>

RootJail is a small program designed to safely run dangerous or unreliable services.

It works like init(8) in that it spawns processes and watches them. If one dies, it respawns it. If a child is misbehaving, in that it is dying repeatedly, it is then disabled.

Besides that, before doing anything related to the service, it changes the current directory to that of the service, does a chroot(2) to that directory, changes its uid and gid to the ones the service will run as, and then executes the service.

So, in effect, the service runs under a "root jail", in that it can't access any file outside its directory (there is a way of leaving the root jail, but only if the service runs as root (i.e., uid 0), and anyway, that's a bad thing).

To compile:

        make
        make install

To run:

        rootjail <user/uid>[[[:<group/gid>]:<service/home directory>]:<program>]

The user name or uid is mandatory. All other arguments, if not specified, are taken from that user's account information:

        the program is taken from the user's shell, but if it is empty or a standard shell (*sh), it defaults to "/go";
        the directory is the user's home directory;
        the group is the primary group for that user.

It is also possible to request the default for an argument by leaving it blank, e.g.:

        rootjail moo:/home/moo/test:

        -> will do a chdir("/home/moo/test"); chroot("."); setgid(moo's gid);
                setuid(moo); exec("/go");

Here are some examples:

        rootjail apache:bin/httpd talker:nobody:: talker:nobody::talker2

etc...

As a note: don't forget that almost all executables use one or another shared library, so make sure to include the ones it needs in the root jail.
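
The jail-entry sequence described above (chdir, chroot, setgid, setuid, exec), written out with a failure check at every step. This is an added example, not RootJail's own source: `enter_jail`, the `jail_step` codes and the sample uid/gid 1000 are assumptions, and the `setgroups` call and the final `setuid(0)` check are additions the page does not describe.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Step at which enter_jail() stopped; JAIL_OK means every step succeeded. */
enum jail_step { JAIL_OK, JAIL_ROOT_ID, JAIL_CHDIR, JAIL_CHROOT,
                 JAIL_GROUPS, JAIL_GID, JAIL_UID, JAIL_STILL_ROOT };

/* Confine the calling process to dir, then drop to uid/gid (hypothetical helper). */
enum jail_step enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* A uid 0 service can leave the jail again, so refuse to build one for it. */
    if (uid == 0) { errno = EPERM; return JAIL_ROOT_ID; }
    /* chdir first, then chroot("."): the working directory ends up inside. */
    if (chdir(dir) != 0)
        return JAIL_CHDIR;
    if (chroot(".") != 0)
        return JAIL_CHROOT;
    /* Groups before uid: once setuid() has succeeded the process no longer
       has the privilege to change its groups. */
    if (setgroups(0, NULL) != 0)
        return JAIL_GROUPS;
    if (setgid(gid) != 0)
        return JAIL_GID;
    if (setuid(uid) != 0)
        return JAIL_UID;
    /* Confirm the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0) { errno = EPERM; return JAIL_STILL_ROOT; }
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    /* Constructed sample values: the directory from the example above, uid/gid 1000. */
    const char *dir = argc > 1 ? argv[1] : "/home/moo/test";
    enum jail_step s = enter_jail(dir, 1000, 1000);
    if (s != JAIL_OK) {
        fprintf(stderr, "jail failed at step %d: %s\n", (int)s, strerror(errno));
        return 1;
    }
    execl("/go", "go", (char *)NULL);   /* resolved inside the new root */
    perror("exec /go");
    return 1;
}
```

The program has to be started as root for chroot(2) to succeed; any non-zero step code means the service must not be executed.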

Signals

When the daemon receives the SIGHUP signal, it reactivates all services that were deactivated for respawning too fast. When the SIGTERM signal is received, the daemon, before exiting, also sends a SIGTERM signal to all of its children (the services). It sends it two times; the third time, it sends a SIGKILL signal, then exits.

Any suggestions/comments, please send them to the address above.

