Datasheet

“main” (Installation and Administration) 2004/6/25 13:29 page 519 #545
21 Linux in the Network
21.11.5 The SUSE LINUX Version
To improve security, the SUSE version of the ISC’s DHCP server comes
with the non-root/chroot patch by Ari Edelkind applied. This enables
dhcpd to run with the permissions of nobody and in a chroot environment
(/var/lib/dhcp/). To make this possible, the configuration file
/etc/dhcpd.conf must be located in /var/lib/dhcp/etc/. The corresponding
init script automatically copies the file to this directory when
starting.
Control the server’s behavior with regard to this feature through the
configuration file /etc/sysconfig/dhcpd. To continue running dhcpd
without the chroot environment, set the variable DHCPD_RUN_CHROOTED
in /etc/sysconfig/dhcpd to “no”.
To enable dhcpd to resolve host names even from within the chroot
environment, some other configuration files must be copied as well:
/etc/localtime
/etc/host.conf
/etc/hosts
/etc/resolv.conf
These files are copied to /var/lib/dhcp/etc/ when the init script
starts. If any of them are modified dynamically by scripts like
/etc/ppp/ip-up, the copies must be updated as well. However, there
should be no need to worry about this if the configuration file only
specifies IP addresses (instead of host names).
If your configuration includes additional files that should be copied into
the chroot environment, specify these under the variable
DHCPD_CONF_INCLUDE_FILES in the file /etc/sysconfig/dhcpd. To make sure
the DHCP logging facility keeps working even after a restart of the syslog
daemon, it is necessary to add the option "-a /var/lib/dhcp/dev/log"
under SYSLOGD_PARAMS in the file /etc/sysconfig/syslog.
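The checks described above can be scripted. The following is an added example, not part of the SUSE manual or its init script: it reports whether the chroot is switched off and which copies under /var/lib/dhcp/etc/ are missing or no longer match their originals. The function names and the ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the dhcpd chroot described above.
# The ROOT prefix argument is an assumption so the check can be run
# against a constructed directory tree; pass "" on a live system.
# Usage: audit ""

JAIL=/var/lib/dhcp
COPIED="/etc/dhcpd.conf /etc/localtime /etc/host.conf /etc/hosts /etc/resolv.conf"

# chroot_enabled ROOT: succeeds unless DHCPD_RUN_CHROOTED is set to "no".
chroot_enabled() (
    DHCPD_RUN_CHROOTED=
    # sysconfig files are plain shell assignments; source them in a subshell
    [ -r "$1/etc/sysconfig/dhcpd" ] && . "$1/etc/sysconfig/dhcpd"
    [ "$DHCPD_RUN_CHROOTED" != "no" ]
)

# stale_copies ROOT: print one line per copy that is missing or differs
# from its original; print nothing when the chroot is in sync.
stale_copies() {
    for f in $COPIED; do
        src="$1$f"
        dst="$1$JAIL$f"
        [ -e "$src" ] || continue      # original absent: nothing to copy
        if [ ! -e "$dst" ]; then
            echo "MISSING $JAIL$f"
        elif ! cmp -s "$src" "$dst"; then
            echo "STALE $JAIL$f"
        fi
    done
}

# audit ROOT: run both checks; non-zero exit status when something is off.
audit() {
    rc=0
    if ! chroot_enabled "$1"; then
        echo "WARN dhcpd is configured to run without chroot"
        rc=1
    fi
    out=$(stale_copies "$1")
    if [ -n "$out" ]; then
        echo "$out"
        rc=1
    fi
    return $rc
}
```

A STALE line for resolv.conf or hosts after a dial-up script has run means dhcpd inside the chroot is still resolving names with the old data until the copy is refreshed.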
SUSE LINUX Enterprise Server