  #1  
Old 2nd August 2006, 01:40
Mike_UK Mike_UK is offline
Default Here Is Working 2.2.5 create_chroot_env.sh

The create_chroot_env.sh didn't work when I installed the vmware image, or following the upgrade to 2.2.5.

I looked around, edited the script and it's been enhanced with the following utils.

env wget ftp dig traceroute host sh
grep cat pico gzip gunzip bash ls mkdir
mv pwd rm id ssh ping dircolors less tail
nslookup resolveip

Remove them from the APPS= line if you don't want them.
If the format on the forum is bad, the APPS= line & the cp /libs/lib* line should be on one line!

###### start ######

#!/bin/bash
#
# Usage: ./create_chroot_env username
#
# Here specify the apps you want in the environment
APPS="/usr/bin/env /usr/bin/wget /usr/bin/ftp /usr/bin/dig /usr/bin/traceroute /usr/bin/host /bin/sh /bin/grep /bin/cat /usr/bin/pico /bin/gzip /bin/gunzip /bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /usr/bin/less /usr/bin/tail /usr/bin/nslookup /usr/bin/resolveip"
#
# Sanity check
if [ "$1" = "" ] ; then
    echo " Usage: ./create_chroot_env username"
    exit 1
fi

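# Obtain username and HomeDir
CHROOT_USERNAME=$1
# Match the whole login name (up to the first colon), not just a prefix
HOMEDIR=`grep /etc/passwd -e "^$CHROOT_USERNAME:" | cut -d':' -f 6`
# Stop if the user does not exist; a bare "cd" would switch to root's home
if [ -z "$HOMEDIR" ] ; then
    echo " No home directory found for $CHROOT_USERNAME"
    exit 1
fi
cd "$HOMEDIR" || exit 1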

# Create Directories no one will do it for you
mkdir etc
mkdir etc/terminfo
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5


# Create short version of /usr/bin/groups
# On some systems it requires /bin/sh, generally unnecessary in a chroot cage

echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
# The wrapper must be executable to be usable inside the cage
chmod 755 usr/bin/groups

# Add some users to ./etc/passwd
grep /etc/passwd -e "^root:" -e "^$CHROOT_USERNAME:" > etc/passwd
grep /etc/group -e "^root:" -e "^$CHROOT_USERNAME:" > etc/group

for prog in $APPS; do
    echo "===========";
    echo "$prog";
    #sleep 1
    cp "$prog" ./ --parents

    # obtain a list of related libraries
    if ldd "$prog" > /dev/null ; then
        LIBS=`ldd "$prog" | awk '{ print $3 }' | grep -v '('`
        echo $LIBS
        for l in $LIBS; do
            #mkdir -p ./`dirname $l` > /dev/null 2>&1
            cp "$l" ./ --parents
        done
    fi
done

# For strange reason, these 3 libraries are not in the ldd output, but without
# them some stuff will not work, like usr/bin/groups
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/ld-linux.so.2 /lib/libresolv.so.2 /lib/libnss_dns.so.2 ./lib/

cp /etc/host.conf ./etc/
cp /etc/hosts ./etc/
cp /etc/nsswitch.conf ./etc/
cp /etc/localtime ./etc/
cp /etc/resolv.conf ./etc/
cp /etc/services ./etc/
cp /etc/protocols ./etc/
cp -R /etc/terminfo/* ./etc/terminfo/

###### end ######

Cheers
Mike
  #2  
Old 3rd August 2006, 14:55
falko falko is offline

Here's the file again with the correct formatting:

Code:
#!/bin/bash
#
# Usage: ./create_chroot_env username
#
# Here specify the apps you want in the environment
APPS="/usr/bin/env /usr/bin/wget /usr/bin/ftp /usr/bin/dig /usr/bin/traceroute /usr/bin/host /bin/sh /bin/grep /bin/cat /usr/bin/pico /bin/gzip /bin/gunzip /bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /usr/bin/less /usr/bin/tail /usr/bin/nslookup /usr/bin/resolveip"
#
# Sanity check
if [ "$1" = "" ] ; then
        echo "    Usage: ./create_chroot_env username"
        exit 1
fi

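# Obtain username and HomeDir
CHROOT_USERNAME=$1
# Match the whole login name (up to the first colon), not just a prefix
HOMEDIR=`grep /etc/passwd -e "^$CHROOT_USERNAME:"  | cut -d':' -f 6`
# Stop if the user does not exist; a bare "cd" would switch to root's home
if [ -z "$HOMEDIR" ] ; then
        echo "    No home directory found for $CHROOT_USERNAME"
        exit 1
fi
cd "$HOMEDIR" || exit 1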

# Create Directories no one will do it for you
mkdir etc
mkdir etc/terminfo
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5


# Create short version of /usr/bin/groups
# On some systems it requires /bin/sh, generally unnecessary in a chroot cage

echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
# The wrapper must be executable to be usable inside the cage
chmod 755 usr/bin/groups

# Add some users to ./etc/passwd
grep /etc/passwd -e "^root:" -e "^$CHROOT_USERNAME:" > etc/passwd
grep /etc/group -e "^root:" -e "^$CHROOT_USERNAME:" > etc/group

for prog in $APPS;  do
    echo "===========";
    echo "$prog";
    #sleep 1
    cp "$prog" ./ --parents

    # obtain a list of related libraries
    if ldd "$prog" > /dev/null ; then
        LIBS=`ldd "$prog" | awk '{ print $3 }' | grep -v '('`
        echo $LIBS
        for l in $LIBS; do
            #mkdir -p ./`dirname $l` > /dev/null 2>&1
            cp "$l" ./ --parents
        done
    fi
done

# For strange reason, these 3 libraries are not in the ldd output, but without
# them some stuff will not work, like usr/bin/groups
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/ld-linux.so.2 /lib/libresolv.so.2 /lib/libnss_dns.so.2 ./lib/

cp /etc/host.conf ./etc/
cp /etc/hosts ./etc/
cp /etc/nsswitch.conf ./etc/
cp /etc/localtime ./etc/
cp /etc/resolv.conf ./etc/
cp /etc/services ./etc/
cp /etc/protocols ./etc/
cp -R /etc/terminfo/* ./etc/terminfo/
__________________
Falko
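
Why the script needs its extra `cp /lib/...` line, as an added example that is not part of the original posts: `awk '{ print $3 }'` only picks up `name => /path (addr)` lines, so the loader, which ldd prints with its path in the first field, is skipped, and NSS modules such as libnss_files.so.2 are loaded at run time and never appear in ldd output at all. The function names `ldd_paths` and `copy_deps` and the sample ldd output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original script.
# ldd_paths: read `ldd` output on stdin and print each absolute library path
# once. ldd prints three kinds of lines:
#   libc.so.6 => /lib/libc.so.6 (0xb7e4f000)   path is field 3
#   /lib/ld-linux.so.2 (0xb7f9c000)            path is field 1 (the loader)
#   linux-gate.so.1 =>  (0xffffe000)           kernel-provided, nothing to copy
# "name => not found" is reported on stderr and makes the function return 1.
ldd_paths() {
    awk '
        function emit(p) { if (!(p in seen)) { seen[p] = 1; print p } }
        $2 == "=>" && $3 == "not" { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { emit($3); next }
        $1 ~ /^\//                { emit($1) }
        END { exit bad + 0 }
    '
}

# copy_deps JAIL PROG: copy PROG plus its loader and libraries into JAIL,
# keeping the directory layout (GNU cp --parents, as the script does).
# NSS modules are loaded at run time according to nsswitch.conf, so no ldd
# parser can discover them; they still have to be copied by name.
copy_deps() {
    cd_jail=$1; cd_prog=$2
    cd_libs=$(ldd "$cd_prog" 2>/dev/null | ldd_paths) || return 1
    for cd_f in "$cd_prog" $cd_libs; do    # paths are assumed to have no spaces
        cp --parents "$cd_f" "$cd_jail"/ || return 1
    done
}

# Constructed sample of 32-bit ldd output (not captured from a real system).
SAMPLE_LDD='    linux-gate.so.1 =>  (0xffffe000)
    libc.so.6 => /lib/libc.so.6 (0xb7e4f000)
    libresolv.so.2 => /lib/libresolv.so.2 (0xb7e3a000)
    /lib/ld-linux.so.2 (0xb7f9c000)'

printf '%s\n' "$SAMPLE_LDD" | ldd_paths
```

A `not found` line aborts `copy_deps` before anything is copied, so a cage is never left with a binary that cannot start.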
  #3  
Old 24th April 2007, 02:55
albertux albertux is offline
Default uuuuhh

Hi Falko, for a long time I have been needing to do chroot. Are you telling me that it works if I put this script in place? Please help me, or please tell me how to do the chroot installation.

Uff, I tried and tested, but sorry... I had no luck. I do not understand the script, or at least it does not work for me.

One question: does the script prevent a user from changing to a directory that is not their property? That is what I need to do with ssh. Excuse me again, but I do not understand...

greetings alberto

Last edited by albertux; 24th April 2007 at 03:27.
  #4  
Old 24th April 2007, 11:10
till till is offline

This thread is really old and the script is already obsolete. It was for ISPConfig 2.2.5; we now have ISPConfig 2.2.12.

Search in the forums for chroot ssh and you will find some threads that explain the setup of a chroot SSH environment and how to enable it in ISPConfig. Here is also a howto that explains how to compile SSHD with chrooting enabled:

http://www.howtoforge.com/chrooted_ssh_howto_debian
__________________
Till Brehm
  #5  
Old 24th April 2007, 17:25
albertux albertux is offline

uf ok thank you, but i see the date

greetings