|
| From: | Brett Dikeman |
| Subject: | Re: [Mldonkey-users] Calling for technical help : starting mldonkey as a service |
| Date: | Thu, 20 Feb 2003 01:21:38 -0500 |
At 2:54 PM +0100 2/19/03, Sylvain LE GALL wrote:
Hello, I have go along the path to see if i can find some consistent information about running securely mldonkey on my system.
Compile it statically, use the prebuild static binaries, or run ld on the mldonkey binary and copy(symlinks will not work) the listed libraries. They almost certainly in turn rely on other libraries, so I don't recommend a dynamic binary with a lib dir inside the jail.
Run it in a chroot-jail as a NON-ROOT user. You need root to make the chroot system call, but you MUST NOT run mldonkey as root. I think this means a copy of sudo needs to be inside the jail. As you can see, this gets complicated fast if the daemon can't drop permissions on its own.
No options need to be provided on the command line or via environment variables(most everything is done from the option files), but all directory configuration directives will need to be altered to reflect the chroot'd environment(ie, /home/user/mldonkey/incoming is basically now /incoming). You will also have to redirect either stdout, stderr, or both to logfiles or /dev/null(I suggest /dev/null.)
I suggest finding an initscript for a daemon that doesn't leave lockfiles or PID files around, and modify that; it'll already have proven logic for testing if the process exists and such, so start/stop/status won't do silly things like launch 2 copies. Submit it to the project for inclusion if you come up with something nice and functional; remember to use variables in the script so it's easy to customize to someone's particular installation, ie "edit this to the directory where your mldonkey binary is" etc.
HTH, Brett --
| [Prev in Thread] | Current Thread | [Next in Thread] |