make
Now you have './src/client/cmdline/captive-cmdline' available for testing.
-Later you may invoke standard:
- make install
-Manual addition of user and group 'captive' is required for '--sandbox-server':
+Manual addition of user and group 'captive' is required for '--sandbox-server'.
+User 'captive' should have its group 'captive'. Login should be forbidden.
+Commands may vary on your system, please consult groupadd(8) and useradd(8):
groupadd captive
- useradd captive
+ useradd -g captive -r -s /sbin/nologin captive
+
+Later you may invoke standard:
+ make install
Both these steps will be suggested during 'make install' if appropriate:
You may need to add '/usr/local/lib' line (without quotes) to your
# AC_ARG_ENABLE(sandbox-setuid,[--enable-sandbox-setuid=USER],,[CAPTIVE_SANDBOX_SETUID="captive"])
AC_DEFINE_UNQUOTED(CAPTIVE_SANDBOX_SETUID,"$CAPTIVE_SANDBOX_SETUID",
[non-privileged user for captive-sandbox-server])
+AC_SUBST(CAPTIVE_SANDBOX_SETUID)
# AC_ARG_ENABLE(sandbox-setgid,[--enable-sandbox-setgid=GROUP],,[CAPTIVE_SANDBOX_SETGID="captive"])
AC_DEFINE_UNQUOTED(CAPTIVE_SANDBOX_SETGID,"$CAPTIVE_SANDBOX_SETGID",
[non-privileged group for captive-sandbox-server])
+AC_SUBST(CAPTIVE_SANDBOX_SETGID)
# AC_ARG_ENABLE(sandbox-chroot,[--enable-sandbox-chroot=DIR],,[CAPTIVE_SANDBOX_CHROOT="/var/lib/captive"])
AC_DEFINE_UNQUOTED(CAPTIVE_SANDBOX_CHROOT,"$CAPTIVE_SANDBOX_CHROOT",
$(mkinstalldirs) $(DESTDIR)$(CAPTIVE_SANDBOX_CHROOT)/tmp
chmod 1777 $(DESTDIR)$(CAPTIVE_SANDBOX_CHROOT)/tmp
+install-exec-hook:
+ if test `id -u` -eq 0 -a -z "$(DESTDIR)";then \
+ if grep -q '^$(CAPTIVE_SANDBOX_SETGID):' /etc/group;then true;else \
+ echo "ERROR: Add '$(CAPTIVE_SANDBOX_SETGID)' to your '/etc/group'; see README and groupadd(8)"; \
+ exit 1; \
+ fi; \
+ if grep -q '^$(CAPTIVE_SANDBOX_SETUID):' /etc/passwd;then true;else \
+ echo "ERROR: Add '$(CAPTIVE_SANDBOX_SETUID)' to your '/etc/passwd'; see README and useradd(8)"; \
+ exit 1; \
+ fi; \
+ fi
+
EXTRA_DIST+=captive-sandbox-server.pod.pl.in
CLEANFILES+=captive-sandbox-server.pod captive-sandbox-server.1
if ENABLE_MAN_PAGES