The create_chroot_env.sh didn't work when I installed the VMware image, or following the upgrade to 2.2.5. I looked around, edited the script and it's been enhanced with the following utils:

env wget ftp dig traceroute host sh grep cat pico gzip gunzip bash ls mkdir mv pwd rm id ssh ping dircolors less tail nslookup resolveip

Remove them from the APPS= line if you don't want them. If the format on the forum is bad, the APPS= line and the cp /lib/lib* line should be on one line!

###### start ######
#!/bin/bash
#
# Usage: ./create_chroot_env username
#
# Here specify the apps you want in the environment
APPS="/usr/bin/env /usr/bin/wget /usr/bin/ftp /usr/bin/dig /usr/bin/traceroute /usr/bin/host /bin/sh /bin/grep /bin/cat /usr/bin/pico /bin/gzip /bin/gunzip /bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /usr/bin/less /usr/bin/tail /usr/bin/nslookup /usr/bin/resolveip"
#
# Sanity check
if [ "$1" = "" ] ; then
  echo " Usage: ./create_chroot_env username"
  exit 1
fi

# Obtain username and HomeDir
# (match "user:" so that e.g. "bob" does not also match "bobby")
CHROOT_USERNAME=$1
HOMEDIR=`grep -e "^$CHROOT_USERNAME:" /etc/passwd | cut -d':' -f 6`
if [ -z "$HOMEDIR" ] ; then
  echo "User $CHROOT_USERNAME not found in /etc/passwd"
  exit 1
fi
cd "$HOMEDIR" || exit 1

# Create directories, no one will do it for you
mkdir -p etc/terminfo bin lib usr/bin dev
# device nodes must be world-writable, otherwise the chrooted user cannot use them
mknod -m 666 dev/null c 1 3
mknod -m 666 dev/zero c 1 5

# Create short version of /usr/bin/groups
# On some systems it requires /bin/sh, generally unnecessary in a chroot cage
echo "#!/bin/bash" > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
chmod 755 usr/bin/groups

# Add some users to ./etc/passwd and ./etc/group
grep -e "^root:" -e "^$CHROOT_USERNAME:" /etc/passwd > etc/passwd
grep -e "^root:" -e "^$CHROOT_USERNAME:" /etc/group > etc/group

for prog in $APPS; do
  echo "==========="
  echo $prog
  #sleep 1
  # copy the binary, keeping its directory layout (/usr/bin/foo -> ./usr/bin/foo)
  cp --parents $prog ./
  # obtain a list of related libraries (ldd fails for static binaries and scripts)
  if ldd $prog > /dev/null 2>&1 ; then
    LIBS=`ldd $prog | awk '{ print $3 }' | grep -v \(`
    echo $LIBS
    for l in $LIBS; do
      #mkdir -p ./`dirname $l` > /dev/null 2>&1
      cp --parents $l ./
    done
  fi
done

# For some strange reason, these libraries are not in the ldd output, but without
# them some stuff will not work, like usr/bin/groups
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/ld-linux.so.2 /lib/libresolv.so.2 /lib/libnss_dns.so.2 ./lib/

cp /etc/host.conf ./etc/
cp /etc/hosts ./etc/
cp /etc/nsswitch.conf ./etc/
cp /etc/localtime ./etc/
cp /etc/resolv.conf ./etc/
cp /etc/services ./etc/
cp /etc/protocols ./etc/
cp -R /etc/terminfo/* ./etc/terminfo/
###### end ######

Cheers
Mike
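The library loop in the script above takes field 3 of every ldd line, which is why ld-linux.so.2 has to be copied by hand afterwards: on the loader's line ("/lib/ld-linux.so.2 (0x...)") the path is field 1, not field 3. The libnss_* and libresolv libraries are a different case: glibc loads them at runtime with dlopen according to /etc/nsswitch.conf, so ldd never lists them and they must always be copied explicitly, as the script does. The following is an added example, not Mike's script and not part of ISPConfig, showing a parser that handles every line shape ldd produces (resolved library, loader, kernel-provided vDSO, "not found", statically linked) plus a copy helper built on it. The function names and the sample ldd output are my own constructions; the copy helper assumes GNU cp with --parents, like the original script.

```shell
#!/bin/sh
# Added example (not from the original post): resolve the shared libraries a
# binary needs from ldd output, handling the lines that `awk '{ print $3 }'`
# in the forum script misses or mis-parses:
#   libc.so.6 => /lib/libc.so.6 (0x...)      -> path is field 3
#   /lib/ld-linux.so.2 (0x...)               -> the loader, path is field 1
#   linux-vdso.so.1 (0x...)                  -> kernel-provided, nothing to copy
#   linux-gate.so.1 => (0x...)               -> same, older kernels
#   libfoo.so.1 => not found                 -> nothing to copy (field 3 is "not")
#   statically linked / not a dynamic executable -> nothing to copy

# Print one absolute library path per line for ldd output read on stdin.
ldd_paths() {
    awk '
        /=>/ { if ($3 ~ /^\//) print $3; next }   # "name => /path (addr)"
        $1 ~ /^\// { print $1 }                    # "/lib/ld-linux.so.2 (addr)"
    '
}

# Copy a binary and the libraries ldd reports into the chroot at $1,
# keeping the original directory layout (cp --parents, as in the script).
# Libraries loaded at runtime via dlopen (libnss_*, libresolv) are NOT
# found this way and still have to be copied explicitly.
install_into_chroot() {
    chroot_dir=$1
    prog=$2
    cp --parents "$prog" "$chroot_dir/" || return 1
    if ldd "$prog" >/dev/null 2>&1; then
        ldd "$prog" | ldd_paths | while read -r lib; do
            cp --parents "$lib" "$chroot_dir/" || exit 1
        done
    fi
}

# Constructed sample ldd output (not captured from a real system), covering
# every line shape the parser has to deal with.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd3c5d2000)
    linux-gate.so.1 =>  (0x00b7f000)
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0x00e5c000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x00c0f000)
    /lib/ld-linux.so.2 (0x0012e000)
    libfoo.so.1 => not found'

# Self-check helper: parse the sample and return the paths space-separated.
sample_paths() {
    printf '%s\n' "$SAMPLE_LDD" | ldd_paths | tr '\n' ' ' | sed 's/ $//'
}

# Usage on a real system (as root, with the chroot directory already created):
#   install_into_chroot /home/chrootuser /bin/bash
sample_paths
```

Running the block prints the three paths recovered from the sample; the "not found" line is what you want to catch before a user reports that a copied binary fails with a missing library inside the cage.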
uuuuhh Hi Falko, for a long time I have been needing to do chroot. You say to me that placing this script, it works? Help me please, or please tell me how to do the installation of chroot. Uff, I try, I tried, but sorry ... I do not have the possibility, I do not understand the script, or it does not work for me. At least one doubt about the script: does it prevent a user from changing to a directory that is not their property? That is what I need to do with ssh. Excuse me again, but I do not understand ... Greetings, Alberto
This thread is really old and the script is already obsolete. It was for ISPConfig 2.2.5; we now have ISPConfig 2.2.12. Search the forums for "chroot ssh" and you will find some threads that explain the setup of a chroot SSH environment and how to enable it in ISPConfig. Here is also a howto that explains how to compile SSHD with chrooting enabled: http://www.howtoforge.com/chrooted_ssh_howto_debian