Synopsis
chruid -u <UID> -g <GID> -c <PATH> -x <BIN> -o <OPTION1> -o <OPTION2> -o <OPTIONN> -p -j -n <HOSTNAME> -i <IP>

-u <UID>
    specifies the UID the program should be run under

-g <GID>
    specifies the GID the program should be run under

-c <PATH>
    specifies the PATH we shall chroot() to _before_ running BIN

-x <BIN>
    specifies the BIN we shall execute

-o <OPTION>
    option(s) which should be passed to BIN when executing; '-o <OPTION>' can be specified as often as needed

-p
    if this parameter is given, chruid keeps the current environment intact; otherwise it creates a new, empty one with standard variables

-j
    if this parameter is given on a FreeBSD host, chruid uses jail() (if support is compiled into the binary) to chroot() to the given path and restrict IPC and network system calls to the IP given

-i <IP>
    specifies the IP that certain network system calls are restricted to inside the jail; it has to be specified when -j is given

-n <HOSTNAME>
    specifies the hostname inside the jail; it has to be specified when -j is given

chruid -u 2000 -g 1000 -c /www -x /tomcat/bin/tomcat.sh -o start -p

This would chroot() to "/www", set its UID/GID to 2000/1000, preserve the environment and execute "/tomcat/bin/tomcat.sh" with the option "start".

chruid -u 4000 -g 65535 -c /services/samba -x /rc.d/smbd -o start -j -n samba.foo.bar -i 1.2.3.4

On a FreeBSD host this would jail() to "/services/samba", set its UID/GID to 4000/65535, create a new default environment and execute "/rc.d/smbd" with the option "start" while having the jail restricted to the IP "1.2.3.4".
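
The order of operations the two examples describe (chroot() first, then GID, then UID, then exec with a fresh environment), written out as an added C example. It is not chruid's source; the argument order, parse_id(), confine() and the two environment variables are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed minimal environment; the page does not list chruid's variables. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", "HOME=/", NULL };

/* Parse a decimal id; -1 on junk, so "abc" never silently becomes 0 (root). */
long parse_id(const char *s)
{
    char *end;
    long v = strtol(s, &end, 10);
    return (*s == '\0' || *end != '\0' || v < 0 || v > 2147483647L) ? -1 : v;
}

/* Returns 0 on success, else the number (1..6) of the step that failed. */
int confine(const char *root, uid_t uid, gid_t gid)
{
    if (chroot(root) != 0) return 1;       /* needs root, so it comes first */
    if (chdir("/") != 0) return 2;         /* a cwd outside the new root is an escape path */
    if (setgroups(1, &gid) != 0) return 3; /* drop root's supplementary groups */
    if (setgid(gid) != 0) return 4;        /* GID before UID: impossible after setuid() */
    if (setuid(uid) != 0) return 5;
    if (uid != 0 && setuid(0) == 0) return 6; /* the drop must be irreversible */
    return 0;
}

/* Hypothetical CLI for this example: ROOT UID GID BIN [ARGS...] */
int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s ROOT UID GID BIN [ARGS...]\n", argv[0]);
        return 2;
    }
    long uid = parse_id(argv[2]), gid = parse_id(argv[3]);
    if (uid < 0 || gid < 0) {
        fprintf(stderr, "UID and GID must be decimal numbers\n");
        return 2;
    }
    int step = confine(argv[1], (uid_t)uid, (gid_t)gid);
    if (step != 0) {
        fprintf(stderr, "confine failed at step %d\n", step);
        return 1;
    }
    execve(argv[4], &argv[4], clean_env); /* BIN is resolved inside the new root */
    perror("execve");
    return 1;
}
```

Every step is checked because a failed setgid() or setuid() that goes unnoticed leaves BIN running with root's credentials inside the chroot.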
The following snapshots are available: