Correct way to run mldonkey? (Not root, maybe as a daemon?)

Message

crunchtime · Post by **crunchtime** » Sun Jun 27, 2004 12:17 am

Hey guys can you help me out with this..

I have a downloads machine running gentoo, and I'm just wondering what the correct way of starting mldonkey at boot, as a special user with the correct privileges that it needs.

I would imagine that I could just "rc-update add mldonkey default" but that would run as root? How do I make it run as a special user and what privileges does it require?

Also there is a guide here to run mldonkey as a daemon, can anyone help me adapt this for gentoo? Then we/I can write a guide/FAQ.

Also when mldonkey is running I get High ID's but nmap does not list the ports as open, why is that?

peterton · Post by **peterton** » Sun Jun 27, 2004 1:46 pm

mldonkey the Gentoo way is already safe. If you add mldonkey to your default boot level, it will not run as root. Edit /etc/conf.d/mldonkey and set it the way you prefer. My mldonkey runs as user p2p for which I created a user account. In other words, the init.d script is run as root, the mlnet daemon runs as p2p. Check /usr/share/doc/mldonkey-<version> for more info.

bludger · Post by **bludger** » Thu Jul 01, 2004 4:08 pm

Does the default gentoo configuration run in a chroot jail. I don't think it does. This would be much more secure if it did.

peterton · Post by **peterton** » Thu Jul 01, 2004 8:34 pm

It doesn't, and yes, it would be.

bludger · Post by **bludger** » Fri Jul 02, 2004 11:52 am

Here is a link to getting mldonkey to work in a chroot jail:

http://mldonkey.berlios.de/modules.php? ... ame=Chroot

Unfortunately this does not seem to be the default gentoo setup, which would be preferred.

bludger · Post by **bludger** » Sat Jul 10, 2004 10:50 am

The method to chroot mldonkey outlined in the link I gave did not work exactly, so I am posting the method I successfully followed.

emerge mldonkey

start mldonkey (this creates the directory /home/p2p/.mldonkey etc.:

Code: Select all

/etc/init.d/mldonkey start

Check the needed library files with the following command (ldd doesn't seem to catch everything):

Code: Select all

lsof -P -T -p MLNET_PID

stop mldonkey:

Code: Select all

/etc/init.d/mldonkey stop

copy the library files to the appropriate paths. My library listing looks like this (you don't have to change the ownerships though):

/home/p2p/.mldonkey/lib:
-rwxr-xr-x 1 p2p users 74844 Jun 13 18:40 ld-2.3.3.so
lrwxrwxrwx 1 p2p users 11 Jul 8 15:16 ld-linux.so.2 -> ld-2.3.3.so
-rwxr-xr-x 1 p2p users 1125144 Jun 13 18:40 libc-2.3.3.so
lrwxrwxrwx 1 p2p users 13 Jul 8 15:16 libc.so.6 -> libc-2.3.3.so
-rwxr-xr-x 1 p2p users 10428 Jun 13 18:40 libdl-2.3.3.so
lrwxrwxrwx 1 p2p users 14 Jul 8 15:16 libdl.so.2 -> libdl-2.3.3.so
-rwxr-xr-x 1 p2p users 156936 Jun 13 18:40 libm-2.3.3.so
lrwxrwxrwx 1 p2p users 13 Jul 8 15:16 libm.so.6 -> libm-2.3.3.so
-rwxr-xr-x 1 p2p users 13620 Jun 13 18:40 libnss_dns-2.3.3.so
lrwxrwxrwx 1 p2p users 19 Jul 8 15:16 libnss_dns.so.2 -> libnss_dns-2.3.3.so
-rwxr-xr-x 1 p2p users 33268 Jun 13 18:40 libnss_files-2.3.3.so
lrwxrwxrwx 1 p2p users 21 Jul 8 15:16 libnss_files.so.2 -> libnss_files-2.3.3.so
-rwxr-xr-x 1 p2p users 62092 Jun 13 18:40 libpthread-0.10.so
lrwxrwxrwx 1 p2p users 18 Jul 8 15:16 libpthread.so.0 -> libpthread-0.10.so
-rwxr-xr-x 1 p2p users 58320 Jun 13 18:40 libresolv-2.3.3.so
lrwxrwxrwx 1 p2p users 18 Jul 8 15:16 libresolv.so.2 -> libresolv-2.3.3.so

/home/p2p/.mldonkey/usr/lib:
lrwxrwxrwx 1 p2p users 13 Jul 8 15:16 libz.so.1 -> libz.so.1.1.4
-rwxr-xr-x 1 p2p users 54124 May 8 06:31 libz.so.1.1.4

Copy the binary files:
/home/p2p/.mldonkey/usr/bin:
-rwxr-xr-x 1 p2p users 336 May 9 09:05 mldonkey
-rwxr-xr-x 1 p2p users 3168428 May 9 09:05 mlnet

Edit /etc/passwd so that p2p processes run with gid nobody (not sure if this really adds to security, but it doesn't seem to hurt):
Mine looks like this:
p2p

101:65534:added by portage for mldonkey:/home/p2p:/bin/bash

Copy this line from /etc/passwd to /home/p2p/.mldonkey/etc/passwd

Edit the start-stop-daemon line of /etc/init.d/mldonkey to look like this:

Code: Select all

        env HOME=${BASEDIR} start-stop-daemon --quiet --start -c ${USER}  \
                -r ${BASEDIR}/${SUBDIR}/ \
                -x /usr/bin/mlnet &>${LOG} &

The parameter that chroots the process is the "-r" parameter. Checkout the start-stop-daemon man page for details.

Please let me know how you went with this. It works for me.

Ideally this should be included in the ebuild, as it is for bind etc.

indanet · Post by **indanet** » Sun Sep 05, 2004 11:53 pm

bludger wrote:The method to chroot mldonkey outlined in the link I gave did not work exactly, so I am posting the method I successfully followed.

Thanks bludger, your method is working fine here!

In addition, I had to copy /bin/bash into /home/p2p/.mldonkey (as well as the libs needed by bash).

If a username and password is specified in /etc/conf.d/mldonkey, the permissions should be changed to 0660.

Best regards
indanet

indanet · Post by **indanet** » Wed Sep 08, 2004 12:59 pm

indanet wrote:Thanks bludger, your method is working fine here!

One problem, though

How do I get the commands like ! ls and ! df to work? I tried changing the lines in downloads.ini from

Code: Select all

        (* Commands that you are allowed to be call from the interface. These
           commands should short, so that the core is not blocked more than necessary. *)
 allowed_commands = [
  (df, "df -h");
  (ls, "ls incoming");]

to

Code: Select all

  ...
  (ls, "ls /incoming");]

and

Code: Select all

  ...
  (ls, "ls ./incoming");]

but I always keep getting the following error:

Code: Select all

MLdonkey command-line:
> ! ls
exception [Invalid_argument("Filename.temp_file: temp dir nonexistent or full")]

I think I don't fully understand this chroot-thing... I am puzzled why lines like

Code: Select all

        (* The directory where temporary files should be put *)
 temp_directory = "./temp"

        (* The directory where downloaded files should be moved after commit *)
 incoming_directory = "./incoming"

work, but the !-command stuff doesn't.

Note: The mldonkey executable resides in /usr/bin, while the configuration files as well as the temp and incoming folder reside in /home/p2p/.mldonkey (the chroot).

Greetings
indanet

Vanquirius · Post by **Vanquirius** » Mon Oct 18, 2004 11:07 pm

Thanks, bludger!
When I first read this thread I didn't think I would get it right in my first attempt.

I'm posting the files I had to copy over just for the sake of completeness.

This is inside /home/p2p/.mldonkey:

Code: Select all

bin:
total 593
-rwxr-xr-x  1 p2p users 606028 Oct 18 20:02 bash

lib:
total 3270
-rwxr-xr-x  1 p2p users   92320 Oct 18 19:56 ld-2.3.4.so
-rwxr-xr-x  1 p2p users   92320 Oct 18 20:02 ld-linux.so.2
-rwxr-xr-x  1 p2p users 1198076 Oct 18 19:56 libc-2.3.4.so
-rwxr-xr-x  1 p2p users 1198076 Oct 18 20:02 libc.so.6
-rwxr-xr-x  1 p2p users   10268 Oct 18 19:56 libdl-2.3.4.so
-rwxr-xr-x  1 p2p users   10268 Oct 18 20:02 libdl.so.2
-rwxr-xr-x  1 p2p users  156360 Oct 18 19:56 libm-2.3.4.so
-rwxr-xr-x  1 p2p users  156360 Oct 18 19:53 libm.so.6
-rwxr-xr-x  1 p2p users   15560 Oct 18 19:56 libnss_dns-2.3.4.so
-rwxr-xr-x  1 p2p users   37296 Oct 18 19:56 libnss_files-2.3.4.so
-rwxr-xr-x  1 p2p users   73048 Oct 18 19:57 libpthread-2.3.4.so
-rwxr-xr-x  1 p2p users   73048 Oct 18 19:54 libpthread.so.0
-rwxr-xr-x  1 p2p users   68088 Oct 18 19:57 libresolv-2.3.4.so
-rwxr-xr-x  1 p2p users   67160 Oct 18 19:53 libz.so.1
-rwxr-xr-x  1 p2p users   67160 Oct 18 19:57 libz.so.1.2.1

usr/bin:
total 3291
-rwxr-xr-x  1 p2p users     336 Oct 18 19:59 mldonkey
-rwxr-xr-x  1 p2p users 3362556 Oct 18 20:00 mlnet

Again, nice job.