
Chroot - Wrapper

#!/bin/bash
#
# Distributed under the terms of the GNU General Public License v2
#
# Usage: ./chroot_home username
#
# Builds a minimal chroot tree inside the user's $HOME: a handful of binaries,
# the shared libraries they need, a few device nodes and trimmed-down
# passwd/group files. Needs root (mknod, chown).

# These are the needed Apps for the chroot-env
APPS="/bin/bash /bin/cat /bin/cut /bin/id /bin/ls /bin/mkdir /bin/mv /bin/ping /bin/pwd /bin/rm /bin/rmdir /usr/bin/ssh"

# "exit with error"-function
function die() { echo "${*}" >&2; exit 1; }

umask 0022

test "$(id -u)" -eq 0 || die "Error: ${0} must be run as root"

# Check commandline for username
test -z "${1}" && die "Usage: ${0} username"

# set username
USERNAME=${1}

# try to get $HOME (anchor on "name:" so that "test" does not also match "test2")
CHROOT=$(grep "^${USERNAME}:" /etc/passwd | cut -d':' -f 6)
test -z "${CHROOT}" && die "Error: Could not get \$HOME for user \"${USERNAME}\""

cd "${CHROOT}" || die "could not change to ${CHROOT}"

# create dirs, set permissions
mkdir -p bin dev dev/pts etc "home/${USERNAME}" usr/bin usr/lib/misc \
       || die "error creating dirs"
chown "${USERNAME}:users" "home/${USERNAME}"

# create some useful devices (only where the character device does not exist yet)
test -c dev/null  || mknod dev/null   c   1 3
test -c dev/zero  || mknod dev/zero   c   1 5
test -c dev/tty   || mknod dev/tty    c   5 0
test -c dev/pts/0 || mknod dev/pts/0  c 136 0
test -c dev/pts/1 || mknod dev/pts/1  c 136 1
chmod 666 dev/null dev/zero dev/tty dev/pts/*

# create short versions of passwd and group: root and the chroot user only
# (plus the "users" group the home dir was chown'ed to), matched on "name:"
egrep "^(root|${USERNAME}):" /etc/passwd > etc/passwd
egrep "^(root|users|${USERNAME}):" /etc/group  > etc/group

for app in ${APPS};  do # copy apps
       cp "${app}" "./${app}" || die "error copying ${app}"

       # get needed libs and copy them too: "=>" lines carry the path in $3,
       # the dynamic loader line (e.g. /lib/ld-linux.so.2) has no "=>" and
       # carries it in $1; entries without a file on disk fail the -e test
       for lib in $(ldd "${app}" 2>/dev/null | awk '/=>/ { print $3 } !/=>/ { print $1 }'); do
               if [ -e "${lib}" ]; then
                  mkdir -p "./$(dirname "${lib}")" || die "error creating dir"
                  cp "${lib}" "./${lib}" || die "error copying file"
               fi
       done
done
  • A login without a password but with a public key is possible, too:
mkdir -p /home/test/.ssh
${EDITOR} /home/test/.ssh/authorized_keys   # enter the public key
  • Login via sftp into our chroot is possible; to achieve that, add /usr/lib/misc/sftp-server to the APPS variable.
  • Possibly something has to be changed when using a 2.6 kernel: the for loop in our script must skip the linux-gate entry (it is provided by the kernel and has no file on disk) when collecting the library dependencies:
for lib in $(ldd "${app}" 2>/dev/null | grep -v linux-gate | awk '/=>/ { print $3 } !/=>/ { print $1 }'); do
  • If you want to log to syslog from inside your chroot environment, edit /etc/syslog-ng/syslog-ng.conf and add a log device for the chroot environment:
source src { unix-stream("/dev/log"); unix-stream("/home/chroot/dev/log"); internal(); pipe("/proc/kmsg"); };
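As an added example, not code from this wiki page or its attachment: a small audit that checks a chroot tree against ldd output and reports every library that was not copied, covering the two line shapes the copy loop and the 2.6-kernel note above have to deal with, the dynamic loader line without "=>" and the linux-gate entry with no file behind it. The ldd listing and the chroot tree are constructed inline, so it runs without root and copies nothing.

```shell
#!/bin/sh
# Added example, not part of the wiki script: audit which shared libraries a
# chroot tree lacks. Assumes POSIX sh, awk and mktemp; needs no root.

# ldd_paths: read ldd(1) output on stdin, print one absolute path per line.
#   libc.so.6 => /lib/libc.so.6 (0x...)  -> /lib/libc.so.6 (path in $3)
#   /lib/ld-linux.so.2 (0x...)           -> /lib/ld-linux.so.2 (the loader:
#                                           no "=>", so a plain "$3" is empty)
#   linux-gate.so.1 =>  (0xffffe000)     -> skipped, there is no file behind it
ldd_paths() {
    awk '/=>/ { if ($3 ~ /^\//) print $3; next } $1 ~ /^\// { print $1 }'
}

# missing_libs CHROOT: read ldd output on stdin, print every library that has
# no copy under CHROOT; returns 1 if at least one is missing, 0 otherwise.
missing_libs() {
    chroot_dir=$1
    missing=$(ldd_paths | while read -r lib; do
        [ -e "${chroot_dir}${lib}" ] || echo "${lib}"
    done)
    [ -z "${missing}" ] && return 0
    printf '%s\n' "${missing}"
    return 1
}

# Constructed ldd output, shaped like a 2.6-era x86 ldd listing for /bin/bash.
SAMPLE_LDD='    linux-gate.so.1 =>  (0xffffe000)
    libncurses.so.5 => /lib/libncurses.so.5 (0xb7f0a000)
    libdl.so.2 => /lib/libdl.so.2 (0xb7f06000)
    libc.so.6 => /lib/libc.so.6 (0xb7dd4000)
    /lib/ld-linux.so.2 (0xb7f4d000)'

# demo: build a constructed chroot tree in a temp dir that holds the three
# "=>" libraries but not the loader, then run the audit against it.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "${root}/lib"
    for f in libncurses.so.5 libdl.so.2 libc.so.6; do : > "${root}/lib/${f}"; done
    printf '%s\n' "${SAMPLE_LDD}" | missing_libs "${root}"
    status=$?
    rm -rf "${root}"
    return ${status}
}

# Stand-alone run: prints /lib/ld-linux.so.2, i.e. bash could not even start
# in this chroot because its loader was never copied.
if demo; then echo "chroot tree complete"; else echo "chroot tree incomplete"; fi
```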

Attachments

  • chroot_user.sh Download (2.7 KB) - added by hamerr 5 years ago. This is tested on my machine and it works perfectly.