[icecast] icecast 2.0.0 chroot problem

Jan-Kees Fels jankees at familyfels.com
Fri Feb 20 20:05:58 UTC 2004



Hi,

As a relative newby to linux I figured it out myself that the security on
the dirs, as you mentioned. had to be opened. As far as the shell login, I
use the user "icecast" and have the following setup:
icecast:x:503:505::/home/icecast:/bin/bash

I believe that it might be wiser to indeed disable the login of icecast, but
on my redhat 3.0 as machine it is not required in order to perform the
"chroot" operation.

JK

-----Original Message-----
From: owner-icecast at xiph.org [mailto:owner-icecast at xiph.org] On Behalf Of
David Kramer
Sent: Friday, February 20, 2004 7:35 PM
To: 'icecast at xiph.org'
Subject: RE: [icecast] icecast 2.0.0 chroot problem

Not sure if this has been fully answered yet, but in order for chroot
services to run effectively you will need to change the ownership of all
directories and files to, in this case, nobody:nobody.  If you are not very
familar with running chroots, you will also need to disable the shell login
within your /etc/passwd file ex like this:

icecast:x:504:505::/opt/icecast:/sbin/nologin

In this case I set the home dir to my chroot directory where Icecast begins,
but also disable the shell login.  Im really anal about my users and
services matching so I created a specific user for running icecast.  In your
icecast.xml file you will also need to set your base directory to match your
chroot:

         <!-- basedir is only used if chroot is enabled -->
        <basedir>/opt/icecast</basedir>

        <!-- Note that if <chroot> is turned on below, these paths must both
             be relative to the new root, not the original root -->
        <logdir>/logs</logdir>
        <webroot>/share/icecast/web</webroot>
        <adminroot>/share/icecast/admin</adminroot>
        <pidfile>/share/icecast/icecast.pid</pidfile>

<p>Let me know if you need anymore help setting this up.  This seems to be one
aspect of icecast I found rather easy for myself.  Now if I can just get it
connected to a DSP!!!

Cheers,

David

<p>> -----Original Message-----
> From: Geoff Shang [mailto:gshang at pacific.net.au]
> Sent: Friday, February 20, 2004 5:59 AM
> To: icecast at xiph.org
> Subject: RE: [icecast] icecast 2.0.0 chroot problem
> 
> 
> On Fri, 20 Feb 2004, Jan-Kees Fels wrote:
> 
> > I got rid of the following lines number 3 and 8 hereunder. They were
> > present in the example xml and I think that they don't belong here
> > because icecast won't run if chroot is not being used........
> 
> Lines 3 and 8 specified the beginning and end of a commented 
> out section.
> The chroot section is commented out since you only need to 
> configure it if
> you are running it as root (you're encouraged to run it as 
> someone else)
> and should be edited before use at any rate.
> 
> Geoff.
> 
> 
> --- >8 ----
> List archives:  http://www.xiph.org/archives/
> icecast project homepage: http://www.icecast.org/
> To unsubscribe from this list, send a message to 
> 'icecast-request at xiph.org'
> containing only the word 'unsubscribe' in the body.  No 
> subject is needed.
> Unsubscribe messages sent to the list will be ignored/filtered.
> 
--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

<p>--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.



More information about the Icecast mailing list