Differences between current version and revision by previous author of ChrootNotes.
Newer page: version 3, last edited on Monday, September 22, 2008 12:06:16 pm by LawrenceDoliveiro
Older page: version 2, last edited on Tuesday, March 11, 2008 3:33:40 pm by JohnMcPherson
@@ -1,4 +1,18 @@
+!!Finding the right libraries
+
+You can find most of the libraries needed to run an executable using the ldd(1) command. E.g. if you're trying to set up <code>sftp-server</code> (part of [SSH]) for use under [SCPOnly]:
+
+ ldd /usr/lib/misc/sftp-server
+
+and then copy the referenced libraries from <code>/lib</code> to <code>/</code>''chroot-area''<code>/lib</code> and from <code>/usr/lib</code> to <code>/</code>''chroot-area''<code>/usr/lib</code>.
+
+This may or may not get everything. In one case, I finally had to resort to brute force and make everything in <code>/lib</code> available. I didn't copy the entire directory, I simply did a temporary bind-mount:
+
+ mount --bind /lib /''chroot-area''/lib
+
+And then I did an SFTP connection as the chrooted user, looked for the process running the <code>sftp-server</code> executable, and examined which libraries it had mapped, by examining the <code>/proc/</code>''pid''<code>/maps</code> file. Once I had identified the ones I was missing, I could remove the bind mount and copy across the necessary libraries.
+
!!Syslog inside your chroot
I had a few issues getting syslog to work -
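Review bot: The bind-mount step (`mount --bind /lib /chroot-area/lib`) makes the host's entire /lib visible inside the chroot while a chrooted user is connected, and the closing sentence only says to "remove the bind mount" without giving the command. Add the explicit `umount /chroot-area/lib` line after the /proc/pid/maps step and state that the mount is meant to exist only for the duration of the test, so a reader following the page does not leave it in place. The "This may or may not get everything" paragraph would also be more useful if it said why: ldd lists only the libraries the executable is linked against, so anything the process loads at run time appears only in /proc/pid/maps, which is what the workaround relies on.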