ChrootNotes
!!Finding the right libraries

You can find most of the libraries needed to run an executable using the ldd(1) command. E.g. if you're trying to set up <code>sftp-server</code> (part of [SSH]) for use under [SCPOnly]:

<pre>ldd /usr/lib/misc/sftp-server</pre>

and then copy the referenced libraries from <code>/lib</code> to <code>/</code>''chroot-area''<code>/lib</code> and from <code>/usr/lib</code> to <code>/</code>''chroot-area''<code>/usr/lib</code>.

This may or may not get everything. In one case, I finally had to resort to brute force and make everything in <code>/lib</code> available. I didn't copy the entire directory, I simply did a temporary bind-mount:

<tt>mount --bind /lib /''chroot-area''/lib</tt>

And then I did an SFTP connection as the chrooted user, looked for the process running the <code>sftp-server</code> executable, and examined which libraries it had mapped, by examining the <code>/proc/</code>''pid''<code>/maps</code> file. Once I had identified the ones I was missing, I could remove the bind mount and copy across the necessary libraries.

!!Syslog inside your chroot

I had a few issues getting syslog to work:

# In Debian, the start-stop-daemon program used to start syslog finds the existing syslog running (i.e. the one outside the chroot) and won't start another one. I fixed this by changing a line in <tt>/etc/init.d/sysklogd</tt> from "<tt>start-stop-daemon --start --quiet --exec $binpath -- $SYSLOGD</tt>" to simply "<tt>$binpath $SYSLOGD</tt>".
# Make sure you have all the device files it needs, e.g. <tt>/dev/log</tt> and <tt>/dev/console</tt>.
# syslog wouldn't open any output log files until I copied <tt>/etc/services</tt> and restarted it; otherwise it doesn't know what port it should listen on.

!!SSH

There is a patchset for ssh to allow you to chroot specific users.

If you just use a normal chroot and normal ssh instead, and you get errors like

<pre>sshd[1234]: error: openpty: No such file or directory</pre>

or

<pre>error: session_pty_req: session 0 alloc failed</pre>

then you are missing <tt>/dev/ptmx</tt>. Try "<tt>mknod /dev/ptmx c 5 2</tt>".

-- Also see chroot(8)
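The three chores above (pulling in the libraries ldd reports, checking <code>/proc/</code>''pid''<code>/maps</code> for what ldd missed, and making sure the device nodes and <tt>/etc/services</tt> that syslog and sshd need are present) as shell helpers. This is an added example, not code from this page or from any of the projects it mentions; the chroot directory, the sample ldd and maps lines, and the inclusion of <tt>/dev/null</tt> are assumptions for the example, and the major:minor numbers are the standard Linux ones. It reads the ldd and maps output from stdin so the parsing can be checked without root.

```shell
#!/bin/sh
# Added example (not code from the original page): helpers for the chroot
# preparation steps the page describes. Paths, sample inputs and the extra
# /dev/null entry are assumptions; device numbers are standard Linux values.

# --- Finding the right libraries --------------------------------------------

# Read ldd(1) output on stdin and print only the absolute library paths.
# ldd prints three line shapes: "lib => /path (addr)", "/path (addr)" for the
# loader, and "linux-vdso.so.1 (addr)" which has no file and is skipped.
# A "=> not found" line goes to stderr instead of being silently dropped.
ldd_lib_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "missing: " $1 | "cat 1>&2"; next }
        $2 == "=>" && $3 ~ /^\//   { print $3; next }
        $1 ~ /^\//                 { print $1 }
    '
}

# Read library paths on stdin and copy each into the chroot area $1, keeping
# the same directory layout so the dynamic loader finds them unchanged.
copy_libs_into_chroot() {
    while IFS= read -r lib; do
        [ -n "$lib" ] || continue
        mkdir -p "$1$(dirname "$lib")"
        cp -L "$lib" "$1$lib"   # -L: copy the real object, not a symlink into nowhere
    done
}

# Read /proc/<pid>/maps lines on stdin and print the distinct shared objects
# the process actually mapped. Libraries opened at run time (dlopen) never
# show up in ldd output, which is why the page falls back to this check.
mapped_libs() {
    awk '$6 ~ /\.so/ { print $6 }' | sort -u
}

# --- Syslog and SSH prerequisites -------------------------------------------

# Report what the chroot area $1 still lacks for syslogd and sshd to work.
# Prints one "<kind> <path> <how to fix>" line per missing item; returns 1 if
# anything is missing, 0 otherwise. Nothing is created here: mknod needs
# root, and /dev/log is a socket that syslogd creates itself.
chroot_prereqs_missing() {
    root="$1"
    missing=0
    # character devices with their Linux major and minor numbers
    # (/dev/null is not on the page, but nearly every daemon opens it)
    for spec in "console 5 1" "ptmx 5 2" "null 1 3"; do
        set -- $spec
        if [ ! -c "$root/dev/$1" ]; then
            echo "dev /dev/$1 mknod $root/dev/$1 c $2 $3"
            missing=1
        fi
    done
    [ -S "$root/dev/log" ] ||
        { echo "sock /dev/log (syslogd creates it when started inside the chroot)"; missing=1; }
    [ -f "$root/etc/services" ] ||
        { echo "file /etc/services cp /etc/services $root/etc/services"; missing=1; }
    return $missing
}

# Usage (as root; CHROOT is an assumed location):
#   CHROOT=/var/chroot
#   ldd /usr/lib/misc/sftp-server | ldd_lib_paths | copy_libs_into_chroot "$CHROOT"
#   mapped_libs < /proc/$(pgrep -n sftp-server)/maps   # after a test SFTP login
#   chroot_prereqs_missing "$CHROOT"
```

Run the audit once before the first test login and again after syslogd has been started inside the chroot; the <tt>/dev/log</tt> line should disappear on the second run, and anything still listed maps directly to one of the failures described above.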