Here Is Working 2.2.5 create_chroot_env.sh

[Mike_UK]

The create_chroot_env.sh didn't work when I installed the vmware image, or following the upgrade to 2.2.5.

I looked around, edited the script and it's been enhanced with the following utils.

env wget ftp dig traceroute host sh
grep cat pico gzip gunzip bash ls mkdir
mv pwd rm id ssh ping dircolors less tail
nslookup resolveip

Remove them from the APPS= line if you don't want them.
If the format on the forum is bad, the APPS= line & the cp /libs/lib* line should be on one line!

###### start ######

#!/bin/bash
#
# Usage: ./create_chroot_env username
#
# Here specify the apps you want into the enviroment
APPS="/usr/bin/env /usr/bin/wget /usr/bin/ftp /usr/bin/dig /usr/bin/traceroute /usr/bin/host /bin/sh /bin/grep /bin/cat /usr/bin/pico /bin/gzip /bin/gunzip /bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /usr/bin/less /usr/bin/tail /usr/bin/nslookup /usr/bin/resolveip"
#
# Sanity check
if [ "$1" = "" ] ; then
echo " Usage: ./create_chroot_env username"
exit
fi

# Obtain username and HomeDir
CHROOT_USERNAME=$1
HOMEDIR=`grep /etc/passwd -e "^$CHROOT_USERNAME" | cut -d':' -f 6`
cd $HOMEDIR

# Create Directories no one will do it for you
mkdir etc
mkdir etc/terminfo
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5


# Create short version to /usr/bin/groups
# On some system it requires /bin/sh, generally unnessesary in a chroot cage

echo "#!/bin/bash" > usr/bin/groups
echo "id -Gn" >> usr/bin/groups

# Add some users to ./etc/paswd
grep /etc/passwd -e "^root" -e "^$CHROOT_USERNAME" > etc/passwd
grep /etc/group -e "^root" -e "^$CHROOT_USERNAME" > etc/group

for prog in $APPS; do
echo "===========";
echo $prog;
#sleep 1
cp $prog ./ --parents

# obtain a list of related libraries
ldd $prog > /dev/null
if [ "$?" = 0 ] ; then
LIBS=`ldd $prog | awk '{ print $3 }' | grep -v \(`
echo $LIBS
for l in $LIBS; do
#mkdir -p ./`dirname $l` > /dev/null 2>&1
cp $l ./ --parents
done
fi
done

# For strange reason, these 3 libraries are not in the ldd output, but without # them some stuff will not work, like usr/bin/groups
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/ld-linux.so.2 /lib/libresolv.so.2 /lib/libnss_dns.so.2 ./lib/

cp /etc/host.conf ./etc/
cp /etc/hosts ./etc/
cp /etc/nsswitch.conf ./etc/
cp /etc/localtime ./etc/
cp /etc/resolv.conf ./etc/
cp /etc/services ./etc/
cp /etc/protocols ./etc/
cp -R /etc/terminfo/* ./etc/terminfo/

###### end ######

Cheers
Mike

[falko]

Here's the file again with the correct formatting:

Code:

#!/bin/bash
#
# Usage: ./create_chroot_env username
#
# Here specify the apps you want into the enviroment
APPS="/usr/bin/env /usr/bin/wget /usr/bin/ftp /usr/bin/dig /usr/bin/traceroute /usr/bin/host /bin/sh /bin/grep /bin/cat /usr/bin/pico /bin/gzip /bin/gunzip /bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /usr/bin/less /usr/bin/tail /usr/bin/nslookup /usr/bin/resolveip"
#
# Sanity check
if [ "$1" = "" ] ; then
        echo "    Usage: ./create_chroot_env username"
        exit
fi

# Obtain username and HomeDir
CHROOT_USERNAME=$1
HOMEDIR=`grep /etc/passwd -e "^$CHROOT_USERNAME"  | cut -d':' -f 6`
cd $HOMEDIR

# Create Directories no one will do it for you
mkdir etc
mkdir etc/terminfo
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5


# Create short version to /usr/bin/groups
# On some system it requires /bin/sh, generally unnessesary in a chroot cage

echo "#!/bin/bash" > usr/bin/groups
echo "id -Gn" >> usr/bin/groups

# Add some users to ./etc/paswd
grep /etc/passwd -e "^root" -e "^$CHROOT_USERNAME" > etc/passwd
grep /etc/group -e "^root" -e "^$CHROOT_USERNAME" > etc/group

for prog in $APPS;  do
echo "===========";
echo $prog;
#sleep 1
    cp $prog ./ --parents

    # obtain a list of related libraries
    ldd $prog > /dev/null
    if [ "$?" = 0 ] ; then
    LIBS=`ldd $prog | awk '{ print $3 }' | grep -v \(`
    echo $LIBS
    for l in $LIBS; do
        #mkdir -p ./`dirname $l` > /dev/null 2>&1
        cp $l ./ --parents
    done
fi
done

# For strange reason, these 3 libraries are not in the ldd output, but without # them some stuff will not work, like usr/bin/groups
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/ld-linux.so.2 /lib/libresolv.so.2 /lib/libnss_dns.so.2 ./lib/

cp /etc/host.conf ./etc/
cp /etc/hosts ./etc/
cp /etc/nsswitch.conf ./etc/
cp /etc/localtime ./etc/
cp /etc/resolv.conf ./etc/
cp /etc/services ./etc/
cp /etc/protocols ./etc/
cp -R /etc/terminfo/* ./etc/terminfo/

[albertux]

Hi Falko, for a long time I have been needing to do chroot, you say to me that placing this script it works? help me please, or it tell me please like making the installation of chroot.

uff i try i probe but sorry ... but I do not have possibility, I do not understand script or it does not work to me at least

a doubt script, prevents a user to change to a directory who is not of their property? that is what I need to do with ssh, excuse me again but I do not understand ...

greetings alberto

[till]

This thread is really old and the script is already obsolete. It was for ISPConfig 2.2.5, we have now ISPConfig 2.2.12.

Search in the forums for chroot ssh and you will find some threads that explain the setup of a chroot SSH enviroment and how to enable it in ISPConfig. Here is also a howto that explains how to compile SSHD with chrooting enabled:

http://www.howtoforge.com/chrooted_ssh_howto_debian

[albertux]

uf ok thank you, but i see the date

greetings