[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] chrooting sks.
From: |
jack-sks-devel |
Subject: |
Re: [Sks-devel] chrooting sks. |
Date: |
Wed, 5 Jan 2005 09:25:56 -0800 |
User-agent: |
Mutt/1.4.1i |
On Wed, Jan 05, 2005 at 02:00:37PM +0100, Olaf Gellert wrote:
> > * I used chroot_safe[0] to start up a daemontools svscan inside the
> > chroot. chroot_safe is a step up from chroot, in that it does setgid()
> > and setgid().
> We are using chrootuid for this purpose, it would be
> very nice if SKS itself would have a feature to drop
> it's root privileges (because it needs root privileges
> if it should listen on port 80 (which in turn enables
> users behind restrict firewalls to contact the key
> server)).
I get around binding port 80 by using apache mod_proxy:
<VirtualHost ice.mudshark.org>
ProxyPass / http://ice.mudshark.org:11371/
ProxyPassReverse / http://ice.mudshark.org:11371/
</VirtualHost>
Cheers,
--Jack
--
Jack (John) Cummings http://mudshark.org/jack
PGP fingerprint: 0774 D073 E386 B70B 6B16 2D2B 1DD8 F8B0 CCF0 FAEE
Now playing on Prime: Wherever I May Roam -- Apocalyptica
Now playing on Remedial: Why Should I Care -- Diana Krall
pgp2Z7PwLMLIa.pgp
Description: PGP signature