View Issue Details

IDProjectCategoryView StatusLast Update
0002446unrealdocumentationpublic2007-09-19 05:06
ReporterBeastieAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.2.3 
Target VersionFixed in Version3.2.8 
Summary0002446: Chroot and uid, gid macros undocumented
DescriptionRecently I asked You for implementing a command line option for chrooting unreal, and changing the user it runs as, but Syzop told me that I can do this with setting some macros. Now I want to upgrade with this settings, but I can't find that topic here, and there's nothing about that in the official documentation. I think it should be added to the document.
TagsNo tags attached.
3rd party modules

Relationships

child of 0003454 resolvedsyzop Unreal3.2.8 TODO 

Activities

Beastie

2005-03-26 16:17

reporter   ~0009663

Or maybe these settings could be added to the new ./Config -advanced script.

syzop

2005-04-01 16:23

administrator   ~0009689

Last edited: 2005-04-01 16:23

Perhaps @ ./Config -advanced

But what do you mean with undocumented? It's quite documented in include/config.h. There's at least no need for any outside documentation if you ask me. But yeah, a reference somewhere that you can tweak stuff in config.h seems a good idea (I thought we had that already, but apparantly not [/grep]).

Beastie

2005-04-05 12:57

reporter   ~0009708

Yes, it's documented in config.php, but how can a user notice this functionality? We can assume that user is experienced in the open source world, but probably (s)he won't read through all of the include files to look for such "hidden" features. As far as I think, chrooting is quite a famous and a loved technique in the unixlike world, but the users can't notice UnrealIRCD's chrooting capalities unless they read the source code. And everyday users not usually read source codes. :) As for me, I have been using Unreal for a long time (since 3.2-beta12), and I haven't noticed this feature until I sent here a feature request to implement such features, and You told me how to edit that macros. I did what You told and the chroot works fine, but the ircd doesn't change the uid/gid as I specified.

syzop

2005-04-07 15:39

administrator   ~0009712

well, you must be doing something wrong then, it's kinda impossible that it doesn't work if you do it right (setuid() as root with a decent uid never fails) :P.

#define CHROOTDIR
#define IRC_UID 39
#define IRC_GID 39
and recompile

If it still doesn't work you might want to strace it.. ('strace -f -F -o strace.log src/ircd' followed by 'grep setuid strace.log')

On-topic: it's quite common for programs to have some options in config.h, there are tons of (opensource) programs that do this, it's especially for things that are rarely changed. Hence, I agree, that those 3 would be nice in ./Config -advanced instead, but many other options should not be in there.

Beastie

2005-04-09 09:10

reporter   ~0009720

I don't think I did something wrong, my config.h contained this:

#define CHROOTDIR "/usr/local/ircd"
#define IRC_UID 6667
#define IRC_GID 6667

6667 represents an existing "ircd" user and group with a homedir (/usr/local/ircd) and a shell (/bin/sh), but there's no login password, I had started ircd with su ircd -c "/usr/local/ircd/unreal start" before I started to experiment with this macros. And in this new case I simply typed "/usr/local/ircd/unreal start" as root. It started and the chroot worked. I surely know this, because the line loadmodule "/modules/commands.so"; produces no error, but the uid and the gid haven't changed. There's been a full server restart since then and my rc.d script tried to start ircd with the old way, and it has got some troubles with the urandom dev file. (I use SSL.) Maybe there's some problem with that files, that's why the ircd can't change?! I can't experiment a lot, because we don't want to lost our chatters, but I'll compile an another instance of the ircd, and maybe we can make use of that.

syzop

2005-04-09 10:53

administrator   ~0009721

Ok, well it's '#define CHROODIR' not anything with a value (it uses the dir specified during ./Config)

As for urandom etc: well I wouldn't be surprised if your ""security measures"" were getting you into trouble, but anyway...
As for the rest: like I said.. strace it, or truss or whatever.

stskeeps

2007-04-19 04:38

reporter   ~0013592

Bump. Is this still valid?

stskeeps

2007-06-21 16:11

reporter   ~0014399

We may need to document the new IRC_USER | IRC_GID defines.

syzop

2007-09-19 05:06

administrator   ~0014789

.685:
- Document CHROOTDIR in unreal32docs, reported by Beastie (0002446).

tnx for the report

Issue History

Date Modified Username Field Change
2005-03-26 16:10 Beastie New Issue
2005-03-26 16:17 Beastie Note Added: 0009663
2005-04-01 16:23 syzop Note Added: 0009689
2005-04-01 16:23 syzop Note Edited: 0009689
2005-04-05 12:57 Beastie Note Added: 0009708
2005-04-07 15:39 syzop Note Added: 0009712
2005-04-09 09:10 Beastie Note Added: 0009720
2005-04-09 10:53 syzop Note Added: 0009721
2007-04-19 04:38 stskeeps Note Added: 0013592
2007-04-27 02:53 stskeeps Status new => acknowledged
2007-06-21 16:11 stskeeps Note Added: 0014399
2007-07-18 07:28 stskeeps Relationship added child of 0003454
2007-09-19 05:06 syzop QA => Not touched yet by developer
2007-09-19 05:06 syzop U4: Need for upstream patch => No need for upstream InspIRCd patch
2007-09-19 05:06 syzop Status acknowledged => resolved
2007-09-19 05:06 syzop Fixed in Version => 3.2.8
2007-09-19 05:06 syzop Resolution open => fixed
2007-09-19 05:06 syzop Assigned To => syzop
2007-09-19 05:06 syzop Note Added: 0014789