This wiki is archived and useful information is being migrated to the main bzflag.org website
Editing BZFS in a chroot jail
Latest revision | Your text | ||
Line 134: | Line 134: | ||
== More Security == | == More Security == | ||
− | Since you have to execute chroot as root, bzfs will run as root – which is not what we want. We can force bzfs to run as nobody by changing his ownership to nobody, and setting the | + | Since you have to execute chroot as root, bzfs will run as root – which is not what we want. We can force bzfs to run as nobody by changing his ownership to nobody, and setting the sticky bit on him. This way, when root executes /chroot/bzflag/bin/bzfs – it is executed as nobody, and therefore has very little privileges on the system. |
This is how we do that: | This is how we do that: | ||
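Review bot: In the "+" text, "sticky bit" is the wrong mode bit for the behaviour the sentence goes on to describe. Running a binary under its owner's identity is what the setuid bit (chmod u+s) does; the sticky bit does not change the user a program runs as, so the wording should read "setuid bit". The sentence also overstates the result: when root executes a binary that is setuid to nobody, only the effective UID becomes nobody while the real UID is still root, so the process is permitted to switch its effective UID back to root. It would be worth stating that limit here, or having the page start bzfs with both real and effective IDs already unprivileged (GNU chroot's --userspec option does this).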
Line 217: | Line 217: | ||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Server Security]] | [[Category:Server Security]] | ||
− |