Ventrilo Voice Communication Server In A Chrooted Environment On Ubuntu Feisty AMD64

 
Submitted by grant on Wed, 2007-09-19 08:19.

This tutorial explains how to set up Ventrilo, a popular voice communication server, in a chrooted environment and run it as a non-privileged user. Parts of it were adapted from http://pelme.se/~andreas/code/ventrilo-chroot/.

The main reason for doing this is security. Ventrilo is distributed only in binary format, which some people distrust. A chrooted environment means the program only has access to its home directory, not the entire system. Running it like this means that if there is a bug or exploit in Ventrilo, it is not likely to compromise the rest of the system.

The tutorial was tested on Ubuntu Feisty AMD64, with the free version of Ventrilo. Instructions on what you need to modify for 32bit systems are included at the end.

Download the latest version of the Linux server from Ventrilo's website.

Install the 32bit compatibility packages:

apt-get install ia32-libs linux32

Make a directory for chrooted services:

mkdir /opt/chrooted

Create the user for ventrilo:

useradd -r -s /bin/false -m -d /opt/chrooted/ventrilo ventrilo

Create the new environment for ventrilo:

mkdir -p /opt/chrooted/ventrilo
tar zxvf ~/ventrilo_srv-2.3.1-Linux-i386.tar.gz -C /opt/chrooted/ventrilo
cd /opt/chrooted/ventrilo
mkdir dev
mkdir lib
mkdir lib32
mkdir lib64
mknod dev/null c 1 3
chmod 666 dev/null
chown -R ventrilo /opt/chrooted/ventrilo/*

Copy the needed libraries to Ventrilo's new environment, since it won't have access to the rest of the file system:

cp /lib32/libdl.so.2 lib32
cp /lib32/libc.so.6 lib32
cp /lib/ld-linux.so.2 lib
cp /lib/libc.so.6 lib
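cp /lib64/ld-linux-x86-64.so.2 lib64

Copy the following to start.c in /opt/chrooted/ventrilo (the startup script below runs the compiled program as /start inside the chroot):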

/*
-------------------------------------------------------------
This version has been modified by Grant Emsley <grant @emsley.ca>
Modified on Sept 17, 2007
A program to start ventrilo in a chroot with dropped privileges
Copyright (C) 2005 Andreas Pelme  <andreas @pelme.se>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
--- Installation -------------------------------------------------------------
* Change the UID/GID to the UID/GID your ventrilo server is intended to run as.
* Compile this file with this command:
gcc -O2 -o start start.c
-----------------------------------------------------------------------------
*/
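#include <stdio.h>
#include <unistd.h>
#include <grp.h>        /* setgroups() */
#include <sys/types.h>  /* gid_t */
// CHANGE THIS TO WHATEVER UID/GID YOU WANT TO RUN VENTRILO AS
#define UID 10007
#define GID 10007
// CHANGE THIS TO WHATEVER UID/GID YOU WANT TO RUN VENTRILO AS
int main(int argc, char **argv)
{
    gid_t gid = GID;
    (void)argc;
    /* Drop supplementary groups first, then the gid, and the uid last:
       once the uid is no longer root, the groups cannot be changed. */
    if (setgroups(1, &gid) == -1)
    {
        fprintf(stderr, "%s: setgroups() failed!\n", argv[0]);
        return 1;
    }
    if (setgid(GID) == -1)
    {
        fprintf(stderr, "%s: setgid() failed!\n", argv[0]);
        return 1;
    }
    if (setuid(UID) == -1)
    {
        fprintf(stderr, "%s: setuid() failed!\n", argv[0]);
        return 1;
    }
    /* Each option is a separate argument; the list ends with a null pointer. */
    execl("/ventrilo_srv", "ventrilo_srv", "-d", "-fventrilo_srv", (char *)NULL);
    /* execl() only returns if it failed. */
    perror("execl");
    return 1;
}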

Edit the UID and GID lines to match the Ventrilo user. You can find these numbers (the third and fourth fields) by running:

cat /etc/passwd | grep ventrilo

Compile the start program:

gcc -O2 -o start start.c

If that command gives you errors like "error: stdio.h: No such file or directory", run this first:

apt-get install build-essential

All we need now is a startup script. Copy this to /etc/init.d/ventrilo:

#!/bin/sh
# Start/stop the Ventrilo server inside its chroot.
CHROOT="/opt/chrooted/ventrilo"
# ventrilo_srv writes its pid file into the root of the chroot.
PIDFILE="$CHROOT/ventrilo_srv.pid"
start() {
    echo -n "Starting Ventrilo server..."
    if [ ! -e "$PIDFILE" ]
    then
        # /start drops privileges and then executes /ventrilo_srv
        chroot "$CHROOT" /start
        echo "done."
    else
        echo "already running!"
        exit
    fi
}
stop() {
    echo -n "Stopping Ventrilo server..."
    if [ -e "$PIDFILE" ]
    then
        kill -9 `cat "$PIDFILE"` > /dev/null
        rm -f "$PIDFILE"
        echo "done."
    else
        echo "not running!"
        exit
    fi
}
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart|reload|force-reload)
        stop
        sleep 1
        start
        ;;
    *)
        echo "Usage: $0 start|stop|restart|reload|force-reload"
        exit 1
        ;;
esac

Edit ventrilo_srv.ini with whatever settings you need. Check their website for the documentation on that.

Set the script to run when the server is started:

update-rc.d ventrilo defaults

That's it. To start the server, run:

/etc/init.d/ventrilo start
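
To confirm that the running server really is confined and unprivileged, the kernel's view under /proc/<pid> can be checked. The script below is an added example, not part of the original tutorial; check_jail is a hypothetical helper name, and the UID 10007 in the usage comment is the placeholder value from start.c.

```sh
#!/bin/sh
# Added example (not from the tutorial): check that a process is chrooted
# and has dropped every root id, using /proc/<pid>/root and /proc/<pid>/status.

# check_jail PROC_DIR EXPECTED_UID CHROOT
#   PROC_DIR is /proc/<pid>. Prints each problem found; returns non-zero if any.
check_jail() {
    proc=$1
    want=$2
    jail=${3%/}          # tolerate a trailing slash on the chroot path
    rc=0
    # /proc/<pid>/root is a symlink to the root directory the process sees.
    # Reading it for another user's process requires root.
    root=$(readlink "$proc/root") || { echo "cannot read $proc/root"; return 2; }
    if [ "$root" != "$jail" ]; then
        echo "root directory is $root, expected $jail"
        rc=1
    fi
    # Uid: and Gid: each list the real, effective, saved and filesystem id.
    # A saved uid of 0 would let the process become root again.
    awk -v want="$want" '
        $1 == "Uid:" {
            seen = 1
            for (i = 2; i <= 5; i++) if ($i != want) { print "unexpected uid: " $0; bad = 1; break }
        }
        $1 == "Gid:" {
            for (i = 2; i <= 5; i++) if ($i == 0) { print "gid 0 still set: " $0; bad = 1; break }
        }
        $1 == "Groups:" {
            for (i = 2; i <= NF; i++) if ($i == 0) { print "still in supplementary group 0"; bad = 1 }
        }
        END {
            if (!seen) { print "no Uid: line found"; bad = 1 }
            exit bad
        }
    ' "$proc/status" || rc=1
    return $rc
}

# Usage, as root, after the server has started:
#   check_jail "/proc/$(cat /opt/chrooted/ventrilo/ventrilo_srv.pid)" 10007 /opt/chrooted/ventrilo
```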

 

32bit Linux

If you are on 32bit linux, you will need to change the following steps:

  • Don't install the 32bit compatibility packages.
  • Don't make the lib32 or lib64 directories.
  • Don't copy any of the libraries until the end of the installation.
  • Instead of installing the libraries above, run:

ldd ventrilo_srv

Any file in there that has something on the right side of the arrow has to be copied to the same directory in /opt/chrooted/ventrilo/lib.

Do the same thing for the start command, and again copy the files to the lib directory:

ldd start
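
The ldd step above can be scripted so that no library is missed or copied to the wrong place. This is an added example, not part of the original tutorial; needed_libs, copy_into_chroot and sample_ldd are hypothetical helper names, and the sample ldd output is constructed.

```sh
#!/bin/sh
# Added example (not from the tutorial): turn `ldd` output into the list of
# files the chroot needs, then copy them in under the same directory names.

# needed_libs: read ldd output on stdin, print each library path once.
# Returns non-zero if ldd reported a library as "not found".
needed_libs() {
    awk '
        /not found/ { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        # "libc.so.6 => /lib/libc.so.6 (0x...)": the path is right of the arrow
        $2 == "=>" && $3 ~ /^\// { if (!seen[$3]++) print $3; next }
        # "/lib/ld-linux.so.2 (0x...)": the dynamic loader has no arrow
        $1 ~ /^\//               { if (!seen[$1]++) print $1; next }
        # anything else (linux-gate.so.1, "statically linked") has no file
        END { exit bad }
    '
}

# copy_into_chroot CHROOT: read paths on stdin and copy each one to the
# same directory below CHROOT. cp -L copies the real file behind a symlink.
copy_into_chroot() {
    jail=$1
    while IFS= read -r lib; do
        mkdir -p "$jail$(dirname "$lib")" || return 1
        cp -L "$lib" "$jail$lib" || return 1
    done
}

# Constructed sample of "ldd ventrilo_srv" output on a 32bit system.
sample_ldd() {
    printf '\tlinux-gate.so.1 =>  (0xffffe000)\n'
    printf '\tlibdl.so.2 => /lib/libdl.so.2 (0xb7f0a000)\n'
    printf '\tlibc.so.6 => /lib/libc.so.6 (0xb7dc4000)\n'
    printf '\t/lib/ld-linux.so.2 (0xb7f24000)\n'
}

# Real use, as root from /opt/chrooted/ventrilo:
#   { ldd ./ventrilo_srv; ldd ./start; } | needed_libs | copy_into_chroot /opt/chrooted/ventrilo
sample_ldd | needed_libs
```

Running ldd loads the binary through the dynamic loader, so on a binary you do not trust, run it only as the unprivileged user.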


Submitted by 1john2@seznam.cz (not registered) on Sat, 2009-10-03 19:42.
And maybe an 8) thing: ventrilo_srv.ini has to be in /opt/chrooted/ventrilo (root of chroot), not in /ventrilo_srv. I don't know why.
Submitted by 1john2@seznam.cz (not registered) on Sat, 2009-10-03 19:30.

hi author,

Thank you for your work, but I think you have some errors, or maybe distro differences, in your howto:

I installed it on Debian Lenny 32bit.

1) Problem with useradd. I had to use this command: "useradd -r -s /bin/false -m -d /opt/chrooted/ventrilo ventrilo"

2) In your C source, I think it's better to test the return value of execl and use errno to check what kind of problem may have happened.

3) In the C code your execl doesn't work for me. I used: "execl("/ventrilo_srv/ventrilo_srv", "-d" , "-fventrilo_srv", 0) "

4) In the init script I made these changes: I start the app in the chroot with &, something like this: "chroot $CHROOT /start&  $1". I think you don't have to use $1; in the called function it's empty.

5) And in the stop section, you use the variable config instead of CHROOT.

6) In ps ax I see only the parameters of ventrilo (like -d -fventrilo_srv).

7) And the last (first) thing: in the ventrilo archive the directory is ventsrv; your howto works with ventrilo_srv.

I hope that's everything, and that it can help someone...

by 1john2

JID: 1john2@jabbim.cz

Submitted by johnson.seo (registered user) on Wed, 2009-04-08 12:08.

Hi all,

This is candry johnson i have ventrilo server anybody want this service then let me know or have to go with my company website listed in bottom and you can get more info about ventrilo server here.

 Thanks & Regards

ventrilo server

Submitted by Anonymous (not registered) on Wed, 2009-03-18 17:35.
cp /lib64/ld-linux-x86-64.so.2 lib64
Submitted by Anonymous (not registered) on Mon, 2008-12-22 16:41.
Very sloppily written. The basics are kind of there but, as step-by-step instructions, it lacks severe clarity. For instance, it essentially tells you to create the directory for chroot twice. Also, where does one put start.c to compile?