Download rootjail-0.1
Copyright (C) 2001, Luciano Rocha
RootJail is a small program designed to run dangerous or unreliable services
more safely.
It works like init(8) in that it spawns processes and watches over them. If one
dies, it respawns it. If a child is misbehaving, in that it dies repeatedly, it
is disabled (see Signals below for how to re-enable it).
Besides that, before doing anything related to the service, it changes the
current directory to the service's directory, does a chroot(2) to that
directory, changes its uid and gid to the ones the service will run as, and
only if none of these steps fails is the service executed.
So, in effect, the service runs under a "root jail": it can't reach, by path,
any file outside its directory. The order matters: chroot(2) needs root, and a
process that keeps root inside a chroot can break out of it, so privileges are
dropped after the chroot and before the exec. Give each service an unprivileged
uid; a chroot does nothing to confine a process that still runs as root.
To compile and install:
make
make install
To run:
rootjail <user/uid>[[[:<group/gid>]:<service/home directory>]:<program>]
The user name or uid is mandatory; the other fields are filled in from the
right, so the longer forms are <user>:<program>, <user>:<directory>:<program>
and <user>:<group>:<directory>:<program>. Any field not given is taken from
that user's passwd entry:
the program is the user's login shell, but if that is empty or is a standard
shell (*sh), it defaults to "/go";
the directory is the user's home directory;
the group is the user's primary group.
Program paths are resolved after the chroot(2), so "/go" and a relative path
such as "bin/httpd" both refer to files inside the jail.
A field can also be left blank to get its default, eg:
rootjail moo:/home/moo/test:
-> will do chdir("/home/moo/test"); chroot("."); setgid(moo's gid);
setuid(moo's uid); exec("/go");
Here are some examples; several services may be given on one command line, as
here, and each is supervised separately:
rootjail apache:bin/httpd talker:nobody:: talker:nobody::talker2
apache:bin/httpd runs bin/httpd (relative to apache's home, which becomes the
jail) as apache; talker:nobody:: runs talker's default program in talker's home
directory with group nobody; talker:nobody::talker2 does the same but runs
talker2.
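As an added example (not rootjail's own code), the shell function below applies the parsing and defaulting rules above to a service spec and prints the resolved fields. It reads /etc/passwd and /etc/group directly instead of calling getpwnam(3), and the right-aligned field assignment (user:prog, user:dir:prog, user:group:dir:prog) is the one the examples on this page imply; the function name resolve_spec is my own.

```shell
#!/bin/sh
# resolve_spec SPEC
# Parse a rootjail service spec "user[[[:group]:dir]:prog]" and fill in the
# blank fields the way the README describes: group = user's primary group,
# dir = user's home, prog = user's shell unless that is empty or a *sh, then "/go".
# Prints "user=... group=... dir=... prog=..." or fails if the user is unknown.
# Added example, not rootjail's code; it reads /etc/passwd and /etc/group
# directly instead of calling getpwnam(3).
resolve_spec() {
    printf '%s\n' "$1" | awk -F: -v passwd=/etc/passwd -v groups=/etc/group '
    {
        user = $1; group = ""; dir = ""; prog = ""
        # Fields are assigned from the right: "u:p", "u:d:p", "u:g:d:p".
        if (NF == 2)      prog = $2
        else if (NF == 3) { dir = $2; prog = $3 }
        else if (NF >= 4) { group = $2; dir = $3; prog = $4 }

        # Look the user up by name or by numeric uid.
        found = 0
        while ((getline line < passwd) > 0) {
            split(line, f, ":")
            if (f[1] == user || f[3] == user) {
                gid = f[4]; home = f[6]; shell = f[7]; found = 1; break
            }
        }
        close(passwd)
        if (!found) { print "resolve_spec: unknown user " user > "/dev/stderr"; exit 1 }

        # Primary group name for the user'"'"'s gid; fall back to the number.
        if (group == "") {
            while ((getline line < groups) > 0) {
                split(line, g, ":")
                if (g[3] == gid) { group = g[1]; break }
            }
            close(groups)
            if (group == "") group = gid
        }
        if (dir == "") dir = home
        # No shell, or a standard shell (name ending in "sh"), means "/go",
        # which rootjail resolves inside the jail after the chroot.
        if (prog == "") prog = (shell == "" || shell ~ /sh$/) ? "/go" : shell
        printf "user=%s group=%s dir=%s prog=%s\n", user, group, dir, prog
    }'
}

# Example: resolve_spec "moo:/home/moo/test:"   (needs a user "moo" on this host)
```

Run it against the specs you intend to pass to rootjail before installing them; an unknown user, or a program that resolves to a login shell instead of "/go", shows up here rather than in the daemon's respawn loop.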
As a note: don't forget that almost every executable uses one or more shared
libraries, so make sure to copy the ones it needs, and the dynamic loader,
into the root jail, along with any other files it opens at run time (config
files, /dev/null, and so on), since nothing outside the jail is reachable.
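An added example of how to do that (my own script, not part of rootjail): it copies a binary into the jail under its original absolute path together with every shared object and loader that ldd(1) reports, following symlinks so the jail holds real files, and it offers a check that lists dependencies still missing. The function names populate_jail, shared_objs and missing_libs are my own.

```shell
#!/bin/sh
# populate_jail JAIL /path/to/binary...
# Copy each binary into JAIL under the same absolute path, together with every
# shared object and the dynamic loader that ldd(1) reports for it. Symlinks are
# followed (cp -L) so the jail holds real files, not links pointing outside it.
# Added example, not part of rootjail. Only run ldd on binaries you trust: with
# some loaders ldd executes the program to discover its dependencies.
shared_objs() {
    # ldd lines look like "libc.so.6 => /lib/.../libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; keep every absolute path.
    # A static binary yields nothing, which is correct.
    ldd "$1" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
}

populate_jail() {
    jail=$1; shift
    for bin in "$@"; do
        case $bin in
            /*) ;;
            *) echo "populate_jail: $bin must be an absolute path" >&2; return 1 ;;
        esac
        [ -x "$bin" ] || { echo "populate_jail: $bin is not executable" >&2; return 1; }
        mkdir -p "$jail$(dirname "$bin")" && cp -L "$bin" "$jail$bin" || return 1
        for lib in $(shared_objs "$bin"); do
            mkdir -p "$jail$(dirname "$lib")" && cp -L "$lib" "$jail$lib" || return 1
        done
    done
}

# missing_libs JAIL /path/to/binary
# List the binary's dependencies that are not yet present in JAIL; empty output
# means every library ldd knows about is in place.
missing_libs() {
    for lib in $(shared_objs "$2"); do
        [ -e "$1$lib" ] || echo "$lib"
    done
}

# Example:
#   populate_jail /home/moo /bin/sh /usr/sbin/httpd && missing_libs /home/moo /usr/sbin/httpd
```

Libraries loaded at run time with dlopen(3) (NSS modules, plugins) do not appear in ldd output, so after populating the jail run the service once under rootjail and check its error output for files it still cannot find.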
Signals:
When the daemon receives SIGHUP, it reactivates all services that were
disabled for respawning too fast.
When the daemon receives SIGTERM, it passes a SIGTERM on to all of its
children (the services) instead of exiting at once. It does this for the first
two SIGTERMs; on the third it sends the children SIGKILL, then exits.
Any suggestions/comments, please send them to the address above.