[Bug 12817] New: [PATCH] Allow daemon itself to chroot
samba-bugs at samba.org
Sun Jun 4 21:13:37 UTC 2017
https://bugzilla.samba.org/show_bug.cgi?id=12817
Bug ID: 12817
Summary: [PATCH] Allow daemon itself to chroot
Product: rsync
Version: 3.1.2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: core
Assignee: wayned at samba.org
Reporter: ben.rubson at gmail.com
QA Contact: rsync-qa at samba.org
Created attachment 13248
--> https://bugzilla.samba.org/attachment.cgi?id=13248&action=edit
rsync_daemon_chroot
Hello,
Here is a patch which adds 3 new parameters to rsyncd.conf:
    daemon chroot
    daemon gid
    daemon uid
The first one is a path to a directory the daemon itself will chroot to before
beginning communication with clients.
The 2 others are the uid/gid the daemon itself will switch to before beginning
communication with clients.
These parameters can improve security.
For example, when using the daemon via a restricted remote-shell connection, if,
for security reasons, we want the whole of rsync to be chrooted, we can now use:
    daemon chroot = /home/%SUDO_USER%/rsync/
    daemon uid = %SUDO_UID%
    daemon gid = %SUDO_GID%
With of course rsync being sudo-called by the restricted shell (to configure
properly).
We could already do this without this patch, using the "use chroot" parameter,
but then the daemon itself is not chrooted and still runs as root.
Thank you!
Ben
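
The call ordering that a daemon-level chroot followed by a uid/gid switch depends on, as an added C example; it is not the attached patch and not rsync code. The helper name enter_jail(), the default directory and the numeric ids are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Added illustration, not rsync code; enter_jail() is a hypothetical helper.
 * Returns 0 on success, -1 on failure. On -1 the caller must exit: a
 * half-dropped process must never go on to talk to clients. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* "Dropping" to uid/gid 0 is no drop at all; reject before any syscall. */
    if (dir == NULL || dir[0] != '/' || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* 1. chroot() needs root, so it has to happen before the uid change. */
    if (chroot(dir) != 0)
        return -1;
    /* 2. chroot() does not move the working directory; without this the
     *    process keeps a cwd that lies outside the new root. */
    if (chdir("/") != 0)
        return -1;
    /* 3. Supplementary groups, then gid, then uid. setuid() goes last
     *    because the two calls before it still need root. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* 4. Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid
        || getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed sample values; run as root to see the success path. */
    const char *dir = argc > 1 ? argv[1] : "/var/empty";
    if (enter_jail(dir, 65534, 65534) != 0) {
        perror("enter_jail");
        return 1;
    }
    printf("jailed: uid=%d gid=%d cwd=/\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Only after enter_jail() returns 0 would such a daemon begin reading from the client connection.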