# Correct way to run mldonkey? (Not root, maybe as a daemon?)

## crunchtime

Hey guys, can you help me out with this?

I have a downloads machine running gentoo, and I'm just wondering what the correct way of starting mldonkey at boot is, as a special user with the correct privileges that it needs.

I would imagine that I could just "rc-update add mldonkey default" but that would run as root? How do I make it run as a special user and what privileges does it require?

Also there is a guide here to run mldonkey as a daemon, can anyone help me adapt this for gentoo? Then we/I can write a guide/FAQ.

Also, when mldonkey is running I get High IDs but nmap does not list the ports as open. Why is that?

----------

## peterton

mldonkey the Gentoo way is already safe. If you add mldonkey to your default boot level, it will not run as root. Edit /etc/conf.d/mldonkey and set it the way you prefer. My mldonkey runs as user p2p for which I created a user account. In other words, the init.d script is run as root, the mlnet daemon runs as p2p. Check /usr/share/doc/mldonkey-<version> for more info.

----------

## bludger

Does the default gentoo configuration run in a chroot jail? I don't think it does. This would be much more secure if it did.

----------

## peterton

It doesn't, and yes, it would be.

----------

## bludger

Here is a link to getting mldonkey to work in a chroot jail:

http://mldonkey.berlios.de/modules.php?name=Wiki&pagename=Chroot

Unfortunately this does not seem to be the default gentoo setup, which would be preferred.

----------

## bludger

The method to chroot mldonkey outlined in the link I gave did not work exactly, so I am posting the method I successfully followed.

```
emerge mldonkey
```

Start mldonkey (this creates the directory /home/p2p/.mldonkey etc.):

```
/etc/init.d/mldonkey start
```

Check the needed library files with the following command (ldd doesn't seem to catch everything):

```
lsof -P -T -p MLNET_PID
```

stop mldonkey:

```
/etc/init.d/mldonkey stop
```

copy the library files to the appropriate paths.  My library listing looks like this (you don't have to change the ownerships though):

```
/home/p2p/.mldonkey/lib:
-rwxr-xr-x  1 p2p users   74844 Jun 13 18:40 ld-2.3.3.so
lrwxrwxrwx  1 p2p users      11 Jul  8 15:16 ld-linux.so.2 -> ld-2.3.3.so
-rwxr-xr-x  1 p2p users 1125144 Jun 13 18:40 libc-2.3.3.so
lrwxrwxrwx  1 p2p users      13 Jul  8 15:16 libc.so.6 -> libc-2.3.3.so
-rwxr-xr-x  1 p2p users   10428 Jun 13 18:40 libdl-2.3.3.so
lrwxrwxrwx  1 p2p users      14 Jul  8 15:16 libdl.so.2 -> libdl-2.3.3.so
-rwxr-xr-x  1 p2p users  156936 Jun 13 18:40 libm-2.3.3.so
lrwxrwxrwx  1 p2p users      13 Jul  8 15:16 libm.so.6 -> libm-2.3.3.so
-rwxr-xr-x  1 p2p users   13620 Jun 13 18:40 libnss_dns-2.3.3.so
lrwxrwxrwx  1 p2p users      19 Jul  8 15:16 libnss_dns.so.2 -> libnss_dns-2.3.3.so
-rwxr-xr-x  1 p2p users   33268 Jun 13 18:40 libnss_files-2.3.3.so
lrwxrwxrwx  1 p2p users      21 Jul  8 15:16 libnss_files.so.2 -> libnss_files-2.3.3.so
-rwxr-xr-x  1 p2p users   62092 Jun 13 18:40 libpthread-0.10.so
lrwxrwxrwx  1 p2p users      18 Jul  8 15:16 libpthread.so.0 -> libpthread-0.10.so
-rwxr-xr-x  1 p2p users   58320 Jun 13 18:40 libresolv-2.3.3.so
lrwxrwxrwx  1 p2p users      18 Jul  8 15:16 libresolv.so.2 -> libresolv-2.3.3.so

/home/p2p/.mldonkey/usr/lib:
lrwxrwxrwx  1 p2p users    13 Jul  8 15:16 libz.so.1 -> libz.so.1.1.4
-rwxr-xr-x  1 p2p users 54124 May  8 06:31 libz.so.1.1.4
```

Copy the binary files:

```
/home/p2p/.mldonkey/usr/bin:
-rwxr-xr-x  1 p2p users     336 May  9 09:05 mldonkey
-rwxr-xr-x  1 p2p users 3168428 May  9 09:05 mlnet
```

Edit /etc/passwd so that p2p processes run with gid nobody (not sure if this really adds to security, but it doesn't seem to hurt):

Mine looks like this:

```
p2p:x:101:65534:added by portage for mldonkey:/home/p2p:/bin/bash
```

Copy this line from /etc/passwd to /home/p2p/.mldonkey/etc/passwd

Edit the start-stop-daemon line of /etc/init.d/mldonkey to look like this:

```
        env HOME=${BASEDIR} start-stop-daemon --quiet --start -c ${USER}  \
                -r ${BASEDIR}/${SUBDIR}/ \
                -x /usr/bin/mlnet &>${LOG} &
```

The parameter that chroots the process is the "-r" parameter. Check out the start-stop-daemon man page for details.

Please let me know how you went with this.  It works for me.

Ideally this should be included in the ebuild, as it is for bind etc.
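The library-collection step from the post above, as an added example that is not part of the thread: it reads the `lsof` output, which also shows NSS modules loaded with dlopen() that `ldd` does not list, and stages each mapped library into the chroot together with its soname symlink. `mapped_libs` and `stage_libs` are hypothetical helper names, and the soname links are assumed to be relative, same-directory symlinks as in the listing above.

```shell
#!/bin/sh
# Added example, not from the thread. mapped_libs and stage_libs are
# hypothetical helper names.

# Read `lsof -P -T -p PID` output on stdin and print the path (last column) of
# every memory-mapped shared object (FD column is "mem"), de-duplicated.
# This includes NSS modules loaded with dlopen(), which ldd does not list.
mapped_libs() {
    awk '$4 == "mem" && $NF ~ /\.so(\.[0-9]+)*$/ { print $NF }' | sort -u
}

# stage_libs ROOT LIB...: copy each library to the same absolute path under
# ROOT, then recreate every symlink in the library's directory that points at
# it (libc.so.6 -> libc-2.3.3.so), since the loader looks up the soname.
# Assumes the links are relative, same-directory symlinks.
stage_libs() {
    root=$1
    shift
    for lib in "$@"; do
        dir=$(dirname "$lib")
        base=$(basename "$lib")
        mkdir -p "$root$dir"
        cp -p "$lib" "$root$dir/$base"
        for link in "$dir"/*; do
            [ -L "$link" ] || continue
            [ "$(readlink "$link")" = "$base" ] || continue
            ln -sf "$base" "$root$dir/$(basename "$link")"
        done
    done
}

# Usage, as root, while mlnet is running:
#   stage_libs /home/p2p/.mldonkey $(lsof -P -T -p "$MLNET_PID" | mapped_libs)
```

Run it as root so the copied libraries stay root-owned rather than writable by the p2p user.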

----------

## indanet

 *bludger wrote:*   

> The method to chroot mldonkey outlined in the link I gave did not work exactly, so I am posting the method I successfully followed.

 Thanks bludger, your method is working fine here!

In addition, I had to copy /bin/bash into /home/p2p/.mldonkey (as well as the libs needed by bash).

If a username and password are specified in /etc/conf.d/mldonkey, the permissions should be changed to 0660.

Best regards

indanet

----------

## indanet

 *indanet wrote:*   

> Thanks bludger, your method is working fine here!

 

One problem, though ;)

How do I get the commands like ! ls and ! df to work?  I tried changing the lines in downloads.ini from

```
        (* Commands that you are allowed to be call from the interface. These
           commands should short, so that the core is not blocked more than necessary. *)
 allowed_commands = [
  (df, "df -h");
  (ls, "ls incoming");]
```

to

```
  ...
  (ls, "ls /incoming");]
```

and

```
  ...
  (ls, "ls ./incoming");]
```

but I always keep getting the following error:

```
MLdonkey command-line:
> ! ls
exception [Invalid_argument("Filename.temp_file: temp dir nonexistent or full")]
```

I think I don't fully understand this chroot-thing... I am puzzled why lines like

```
        (* The directory where temporary files should be put *)
 temp_directory = "./temp"

        (* The directory where downloaded files should be moved after commit *)
 incoming_directory = "./incoming"
```

work, but the !-command stuff doesn't.

Note: The mldonkey executable resides in /usr/bin, while the configuration files as well as the temp and incoming folder reside in /home/p2p/.mldonkey (the chroot).

Greetings

indanet
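A preflight check for the jail discussed in the post above, as an added example that is not part of the thread: inside a chroot every absolute path resolves under the new root, so the OCaml runtime's default temporary directory `/tmp` (used by `Filename.temp_file` when `TMPDIR` is unset), the shell and each allowed program must exist under the chroot directory. That the commands are run through `/bin/sh` is an assumption, and `allowed_programs` and `jail_missing` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread: list what a chroot lacks for mldonkey's
# "!" commands. Assumptions: commands are run through /bin/sh, and the OCaml
# runtime creates its temporary file in $TMPDIR or, by default, /tmp.

# Read downloads.ini on stdin and print the program name of every entry in
# the allowed_commands list, e.g. `(df, "df -h");` -> df
allowed_programs() {
    sed -n '/allowed_commands/,/]/s/^[[:space:]]*([^,]*,[[:space:]]*"\([^" ]*\).*/\1/p'
}

# jail_missing ROOT INI: print one line per missing piece. Prints nothing
# when ROOT has a writable /tmp, a /bin/sh and every allowed program.
jail_missing() {
    root=$1
    ini=$2
    [ -d "$root/tmp" ] && [ -w "$root/tmp" ] || echo "/tmp"
    [ -x "$root/bin/sh" ] || echo "/bin/sh"
    allowed_programs < "$ini" | while read -r prog; do
        found=no
        for d in bin usr/bin; do
            if [ -x "$root/$d/$prog" ]; then
                found=yes
            fi
        done
        [ "$found" = yes ] || echo "$prog"
    done
}

# Usage:
#   jail_missing /home/p2p/.mldonkey /home/p2p/.mldonkey/downloads.ini
```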

----------

## Vanquirius

Thanks, bludger!

When I first read this thread I didn't think I would get it right in my first attempt.

I'm posting the files I had to copy over just for the sake of completeness.

This is inside /home/p2p/.mldonkey:

```
bin:
total 593
-rwxr-xr-x  1 p2p users 606028 Oct 18 20:02 bash

lib:
total 3270
-rwxr-xr-x  1 p2p users   92320 Oct 18 19:56 ld-2.3.4.so
-rwxr-xr-x  1 p2p users   92320 Oct 18 20:02 ld-linux.so.2
-rwxr-xr-x  1 p2p users 1198076 Oct 18 19:56 libc-2.3.4.so
-rwxr-xr-x  1 p2p users 1198076 Oct 18 20:02 libc.so.6
-rwxr-xr-x  1 p2p users   10268 Oct 18 19:56 libdl-2.3.4.so
-rwxr-xr-x  1 p2p users   10268 Oct 18 20:02 libdl.so.2
-rwxr-xr-x  1 p2p users  156360 Oct 18 19:56 libm-2.3.4.so
-rwxr-xr-x  1 p2p users  156360 Oct 18 19:53 libm.so.6
-rwxr-xr-x  1 p2p users   15560 Oct 18 19:56 libnss_dns-2.3.4.so
-rwxr-xr-x  1 p2p users   37296 Oct 18 19:56 libnss_files-2.3.4.so
-rwxr-xr-x  1 p2p users   73048 Oct 18 19:57 libpthread-2.3.4.so
-rwxr-xr-x  1 p2p users   73048 Oct 18 19:54 libpthread.so.0
-rwxr-xr-x  1 p2p users   68088 Oct 18 19:57 libresolv-2.3.4.so
-rwxr-xr-x  1 p2p users   67160 Oct 18 19:53 libz.so.1
-rwxr-xr-x  1 p2p users   67160 Oct 18 19:57 libz.so.1.2.1

usr/bin:
total 3291
-rwxr-xr-x  1 p2p users     336 Oct 18 19:59 mldonkey
-rwxr-xr-x  1 p2p users 3362556 Oct 18 20:00 mlnet
```

Again, nice job.

----------

