View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002446||unreal||documentation||public||2005-03-26 16:10||2007-09-19 05:06|
|Target Version||Fixed in Version||3.2.8|
|Summary||0002446: Chroot and uid, gid macros undocumented|
|Description||Recently I asked you to implement a command line option for chrooting unreal and changing the user it runs as, but Syzop told me that I can do this by setting some macros. Now I want to upgrade with these settings, but I can't find that topic here, and there's nothing about that in the official documentation. I think it should be added to the document.|
|Tags||No tags attached.|
|3rd party modules|
||Or maybe these settings could be added to the new ./Config -advanced script.|
Perhaps @ ./Config -advanced
But what do you mean with undocumented? It's quite documented in include/config.h. There's at least no need for any outside documentation if you ask me. But yeah, a reference somewhere that you can tweak stuff in config.h seems a good idea (I thought we had that already, but apparently not [/grep]).
||Yes, it's documented in config.php, but how can a user notice this functionality? We can assume that the user is experienced in the open source world, but probably (s)he won't read through all of the include files to look for such "hidden" features. As far as I think, chrooting is quite a famous and loved technique in the unixlike world, but users can't notice UnrealIRCD's chrooting capabilities unless they read the source code. And everyday users do not usually read source code. :) As for me, I have been using Unreal for a long time (since 3.2-beta12), and I hadn't noticed this feature until I sent a feature request here to implement such features, and you told me how to edit those macros. I did what you told me and the chroot works fine, but the ircd doesn't change the uid/gid as I specified.|
well, you must be doing something wrong then, it's kinda impossible that it doesn't work if you do it right (setuid() as root with a decent uid never fails) :P.
#define IRC_UID 39
#define IRC_GID 39
If it still doesn't work you might want to strace it.. ('strace -f -F -o strace.log src/ircd' followed by 'grep setuid strace.log')
On-topic: it's quite common for programs to have some options in config.h, there are tons of (opensource) programs that do this, it's especially for things that are rarely changed. Hence, I agree, that those 3 would be nice in ./Config -advanced instead, but many other options should not be in there.
I don't think I did something wrong, my config.h contained this:
#define CHROOTDIR "/usr/local/ircd"
#define IRC_UID 6667
#define IRC_GID 6667
6667 represents an existing "ircd" user and group with a homedir (/usr/local/ircd) and a shell (/bin/sh), but there's no login password. I had started ircd with su ircd -c "/usr/local/ircd/unreal start" before I started to experiment with these macros. And in this new case I simply typed "/usr/local/ircd/unreal start" as root. It started and the chroot worked. I surely know this, because the line loadmodule "/modules/commands.so"; produces no error, but the uid and the gid haven't changed. There's been a full server restart since then and my rc.d script tried to start ircd the old way, and it had some trouble with the urandom dev file. (I use SSL.) Maybe there's some problem with those files, and that's why the ircd can't change?! I can't experiment a lot, because we don't want to lose our chatters, but I'll compile another instance of the ircd, and maybe we can make use of that.
Ok, well it's '#define CHROOTDIR' not anything with a value (it uses the dir specified during ./Config)
As for urandom etc: well I wouldn't be surprised if your "security measures" were getting you into trouble, but anyway...
As for the rest: like I said.. strace it, or truss or whatever.
|Bump. Is this still valid?|
|We may need to document the new IRC_USER | IRC_GID defines.|
- Document CHROOTDIR in unreal32docs, reported by Beastie (0002446).
tnx for the report
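The strace check suggested in the notes above can be automated. The following is an added example, not part of the issue thread or of UnrealIRCd's code: it parses a `strace -f -o` log for chroot and set*id calls and reports a missing call, a failed call, a wrong id, or a uid drop that happens before the chroot or gid change. The function name is hypothetical and the sample traces are constructed.

```python
import re

# One syscall line from `strace -f -o strace.log`, e.g.
#   4242  setuid(6667)   = 0
#   4242  setgid(6667)   = -1 EPERM (Operation not permitted)
CALL = re.compile(
    r"^(?:\d+\s+)?(?P<name>chroot|set(?:res|re)?[ug]id(?:32)?)"
    r"\((?P<args>[^)]*)\)\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<err>E[A-Z]+))?"
)

def audit_privilege_drop(log_text, want_uid, want_gid):
    """Return findings as strings; an empty list means the drop looks right."""
    calls = []  # (kind, args, return value, errno name) in log order
    for line in log_text.splitlines():
        m = CALL.match(line.strip())
        if m:
            name = m["name"]
            kind = "chroot" if name == "chroot" else ("uid" if "uid" in name else "gid")
            args = [a.strip() for a in m["args"].split(",")]
            calls.append((kind, args, int(m["ret"]), m["err"]))

    findings = []
    for kind, want in (("gid", want_gid), ("uid", want_uid)):
        hits = [c for c in calls if c[0] == kind]
        if not hits:
            findings.append(f"no set{kind} call in trace (macro not compiled in?)")
        for _, args, ret, err in hits:
            if ret != 0:
                findings.append(f"set{kind}({', '.join(args)}) failed: {err}")
            elif str(want) not in args:
                findings.append(f"set{kind} used {args}, expected {want}")

    # Order matters: chroot() and setgid() both need root, so setuid() goes last.
    first_uid = next((i for i, c in enumerate(calls) if c[0] == "uid" and c[2] == 0), None)
    if first_uid is not None and any(c[0] != "uid" for c in calls[first_uid + 1:]):
        findings.append("uid dropped before chroot/gid change")
    return findings

# Constructed sample traces (not captured from a real ircd).
GOOD = """4242  chroot("/usr/local/ircd")   = 0
4242  setgid(6667)                  = 0
4242  setuid(6667)                  = 0"""
BAD = """4242  chroot("/usr/local/ircd")   = 0
4242  setuid(6667)                  = 0
4242  setgid(6667)                  = -1 EPERM (Operation not permitted)"""

if __name__ == "__main__":
    for label, log in (("good", GOOD), ("bad", BAD)):
        print(label, audit_privilege_drop(log, 6667, 6667))
```

A trace that shows chroot but no setuid or setgid line at all matches the symptom reported in this issue (chroot works, ids unchanged) and points at the build rather than at a failing syscall.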
|2005-03-26 16:10||Beastie||New Issue|
|2005-03-26 16:17||Beastie||Note Added: 0009663|
|2005-04-01 16:23||syzop||Note Added: 0009689|
|2005-04-01 16:23||syzop||Note Edited: 0009689|
|2005-04-05 12:57||Beastie||Note Added: 0009708|
|2005-04-07 15:39||syzop||Note Added: 0009712|
|2005-04-09 09:10||Beastie||Note Added: 0009720|
|2005-04-09 10:53||syzop||Note Added: 0009721|
||Note Added: 0013592|
||Status||new => acknowledged|
||Note Added: 0014399|
||Relationship added||child of 0003454|
|2007-09-19 05:06||syzop||QA||=> Not touched yet by developer|
|2007-09-19 05:06||syzop||U4: Need for upstream patch||=> No need for upstream InspIRCd patch|
|2007-09-19 05:06||syzop||Status||acknowledged => resolved|
|2007-09-19 05:06||syzop||Fixed in Version||=> 3.2.8|
|2007-09-19 05:06||syzop||Resolution||open => fixed|
|2007-09-19 05:06||syzop||Assigned To||=> syzop|
|2007-09-19 05:06||syzop||Note Added: 0014789|