Lines Matching refs:racoon

9 very complex business of racoon.
11 Because racoon does many complex things there are many opportunities for
13 someone breaks into your system using racoon and you have enabled privilege
17 available to the unprivileged instance of racoon, and from there they will be
24 directory, although racoon will prevent them from mis-using the traditional
28 in by racoon - assume they could be set to anything by a malicious entity and
37 The basic concept with racoon's privilege separation is that a minimal
38 environment containing all the files racoon needs to operate - with the
42 privileged instance of racoon will have access to them.
44 Here are basic instructions for setting up racoon to run with privilege
48 First, create a user/group for racoon to run under. For example, user:group
53 You already have files in, e.g. /usr/local/etc/racoon - perhaps racoon.conf, a
57 cd /usr/local/etc/racoon
66 cd /usr/local/etc/racoon/certs
74 (/usr/local/etc/racoon/root) and the keys are available only to the privileged
75 instance of racoon.
77 Move any other racoon configuration data into /usr/local/etc/racoon/root,
78 with the exception of the scripts directory and racoon.conf.
80 All the files in /usr/local/etc/racoon/root should be owned by root and the
93 devfs /usr/local/etc/racoon/root/dev devfs rw 0 0
97 devfs_set_rulesets="/usr/local/etc/racoon/root/dev=devfsrules_basic"
110 ln -s ../../../ root/usr/local/etc/racoon
113 racoon. Of course, you could actually put the certs directory and any other
117 root# ls -FC /usr/local/etc/racoon/root
120 root# ls -l /usr/local/etc/racoon/root/usr/local/etc
121 lrwxr-xr-x 1 root wheel 9 Mar 7 22:13 racoon -> ../../../
123 root# ls -FC /usr/local/etc/racoon/root/usr/local/etc/racoon/
126 Presumably your racoon.conf already contains something like:
128 path certificate "/usr/local/etc/racoon/certs";
129 path script "/usr/local/etc/racoon/scripts";
136 chroot "/usr/local/etc/racoon/root";
139 Apply the patches posted to the list and rebuild racoon (the patches will be
143 Restart racoon and hopefully things will work. As of the date of this memo,
148 I have not tested privsep with many of racoon's features such as XAUTH or