Re: [Sks-devel] chrooting sks.

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] chrooting sks.

From:	jack-sks-devel
Subject:	Re: [Sks-devel] chrooting sks.
Date:	Wed, 5 Jan 2005 09:25:56 -0800
User-agent:	Mutt/1.4.1i

On Wed, Jan 05, 2005 at 02:00:37PM +0100, Olaf Gellert wrote:

> > * I used chroot_safe[0] to start up a daemontools svscan inside the
> >   chroot. chroot_safe is a step up from chroot, in that it does setgid()
> >   and setgid(). 
 
> We are using chrootuid for this purpose, it would be
> very nice if SKS itself would have a feature to drop
> it's root privileges (because it needs root privileges
> if it should listen on port 80 (which in turn enables
> users behind restrict firewalls to contact the key
> server)).

I get around binding port 80 by using apache mod_proxy:

<VirtualHost ice.mudshark.org>
        ProxyPass / http://ice.mudshark.org:11371/ 
        ProxyPassReverse / http://ice.mudshark.org:11371/
</VirtualHost>
 
Cheers, 

--Jack 

--
Jack (John) Cummings                       http://mudshark.org/jack 
PGP fingerprint: 0774 D073 E386 B70B 6B16  2D2B 1DD8 F8B0 CCF0 FAEE
Now playing on Prime:    Wherever I May Roam -- Apocalyptica
Now playing on Remedial: Why Should I Care -- Diana Krall

pgp2Z7PwLMLIa.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] chrooting sks., Olaf Gellert, 2005/01/05
- Re: [Sks-devel] chrooting sks., jack-sks-devel <=

Prev by Date: [Sks-devel] pgp.uni-mainz.de is now sks and searching for sync partners
Next by Date: Re: [Sks-devel] pgp.uni-mainz.de is now sks and searching for sync partners
Previous by thread: Re: [Sks-devel] chrooting sks.
Next by thread: [Sks-devel] pgp.uni-mainz.de is now sks and searching for sync partners
Index(es):
- Date
- Thread