[icecast] icecast 2.0.0 chroot problem

Jan-Kees Fels jankees at familyfels.com
Mon Feb 23 08:09:11 UTC 2004 


Hi,

I can run icecast as root and have it switched to another user e.g.
"icecast".

    <security>
        <chroot>0</chroot>
        <changeowner>
            <user>icecast</user>
            <group>icecast</group>
        </changeowner>
    </security>
</icecast>

The advantage of this strategy is that the icecast user doesn't have to have
login capabilities at any time. E.g. when for whatever reason you need to
start icecast again, you don't need to give this user (icecast user in my
case) login capabilities.

<p>JK

-----Original Message-----
From: owner-icecast at xiph.org [mailto:owner-icecast at xiph.org] On Behalf Of
Michael Smith
Sent: Monday, February 23, 2004 1:56 AM
To: icecast at xiph.org
Subject: Re: [icecast] icecast 2.0.0 chroot problem

On Saturday 21 February 2004 00:14, Jan-Kees Fels wrote:
> Thanks for the superfast reaction.
>
> You got me started thinking.
>
> I got rid of the following lines number 3 and 8 hereunder. They were
> present in the example xml and I think that they don't belong here
> because icecast won't run if chroot is not being used........
>
> Now it starts. I am very happy about this!!!! :-)
>
> JK
>
> 1	<security>
> 2        <chroot>0</chroot>
> 3        <!--
> 4        <changeowner>
> 5            <user>nobody</user>
> 6            <group>nogroup</group>
> 7        </changeowner>
> 8        -->
> 9    </security>
>

These lines are the start and end of a commented-out section. They're meant
to 
be here - most users don't run icecast as root. You only need this section
if 
you're running it as root - and you should only be running it as root if you

need to run it on a port <= 1024.

Mike

--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

<p>--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.

More information about the Icecast mailing list