[patch] nsca chroot() support
Marc Haber
mh+nagios-devel at zugschlus.de
Sun Mar 12 13:26:47 CET 2006
On Sun, Mar 12, 2006 at 07:17:22AM -0500, sean finney wrote:
> but if we keep the chroot call in inetd mode there still exists a
> problem in the sense that if run in inetd mode it probably won't have
> the privilege level to chroot.

tough luck. can't chroot without privileges. invoking a chrooting nsca
process without necessary privileges is a configuration error. print
error message, exit(1).

> or, if it does then it's running as
> root but won't drop privileges afterwards--which would be worse
> than not chrooting imho.

Yes.

> so, perhaps what would make the most sense is to attempt
> to chroot as the patch does now, but also attempt to drop
> privileges after the chroot.

By all means. This is also a safeguard against the local admin
misconfiguring. If she wants nsca to run as root, she needs to
explicitly configure it to do so.

> then, if the administrator
> decides to have nsca chroot he/she can configure xinetd to
> run nsca as root, and the chroot/user/group settings from
> nsca.cfg will dictate what to do.

Yes, that's the way to go IMO.

Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
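
The sequence agreed on in the message above (chroot first, treat a failed chroot as a configuration error, then drop privileges, and stay root only when explicitly configured), as an added C sketch that is not nsca's code and not the patch under discussion. The function name, return codes, the allow_root flag and the sample path and ids are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical return codes for this sketch. */
enum { JAIL_OK = 0, JAIL_ECHROOT = -1, JAIL_EROOT = -2, JAIL_EDROP = -3 };

/* chroot into dir, then drop to uid/gid; uid 0 needs allow_root set. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid, int allow_root)
{
    if (uid == 0 && !allow_root) {
        fprintf(stderr, "refusing to stay root without explicit config\n");
        return JAIL_EROOT;
    }
    /* chroot needs privilege; failing here is a configuration error. */
    if (chroot(dir) != 0) {
        perror("chroot");
        return JAIL_ECHROOT;
    }
    /* Move the working directory inside the new root. */
    if (chdir("/") != 0) {
        perror("chdir");
        return JAIL_ECHROOT;
    }
    if (uid == 0)
        return JAIL_OK; /* administrator explicitly asked for root */
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) {
        perror("drop privileges");
        return JAIL_EDROP;
    }
    /* Verify the drop cannot be undone. */
    if (setuid(0) == 0) {
        fprintf(stderr, "privilege drop did not stick\n");
        return JAIL_EDROP;
    }
    return JAIL_OK;
}

int main(void)
{
    /* Constructed values: jail path and uid/gid are placeholders. */
    return jail_and_drop("/var/empty", 65534, 65534, 0) == JAIL_OK ? 0 : 1;
}
```

A caller in the daemon would print its own message and exit(1) on any non-zero return, before accepting any network input.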