
Jails...

  • 26-10-2001 8:29pm
    #1
    Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭


    Has anyone set one of these up before?


Comments

  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    You mean FTP jails or complete (shell) jails?

    adam


  • Closed Accounts Posts: 296 ✭✭moist


    Do you want to run a service like bind or something in a chroot environment?
    Or are you talking about the FreeBSD kernel jail thingumy which basically runs another
    virtual machine on the machine?


  • Registered Users, Registered Users 2 Posts: 2,518 ✭✭✭Hecate


    Yeah it's the FreeBSD implementation of Jail I was talking about; basically a few of us in college are thinking of running an IRC server within it.

    Also; does chroot only restrict people to a certain directory structure (like their /home dir) ?


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Yeah it's the FreeBSD implementation of Jail I was talking about; basically a few of us in college are thinking of running an IRC server within it.

    Ah. I've never chrooted an app before, so I probably wouldn't be of any help to you. It's probably the same process, but I'd be worried about linking and that. Maybe have a look into the process for chrooting named (BIND), which is quite well documented (do a search on Google for "chroot named"?).

    Also; does chroot only restrict people to a certain directory structure (like their /home dir) ?

    Yip. You basically just create a directory structure with the tools that the user will need, and lock them into their home directory. For FTP, all that's really needed is 'ls'. You can use the tools themselves, or use some creative hard-linking to cut down on disk space.

    adam


  • Closed Accounts Posts: 296 ✭✭moist


    Originally posted by Hecate
    Yeah it's the FreeBSD implementation of Jail I was talking about; basically a few of us in college are thinking of running an IRC server within it.

    Well, FreeBSD's jail would probably be overkill for just an IRC server, read the man page, it
    goes into a good deal of depth.
    What you're really doing is installing a complete FreeBSD installation into a particular directory.
    Then you tell the kernel to run a separate virtual server from that directory, you need a different
    IP address (AFAIK) to run it too, the kernel listens on both IPs and sends the info to whichever server...

    Also; does chroot only restrict people to a certain directory structure (like their /home dir) ?

    It's used to restrict a process to a particular directory.
    It changes the root directory for the process to (say) /chroot; the process is not able
    to get outside that directory, because as far as it's concerned it is /
    Depending on your programme you may have to install libraries and stuff under /chroot.

    For example the following ircd is dynamically linked and needs the following libs...


    # ldd /usr/local/sbin/ircd
    /usr/local/sbin/ircd:
    libz.so.2 => /usr/lib/libz.so.2 (0x28090000)
    libm.so.2 => /usr/lib/libm.so.2 (0x2809d000)
    libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280b8000)
    libc.so.4 => /usr/lib/libc.so.4 (0x280d1000)


    so I would have to copy them as follows...

    cp /usr/lib/libz.so.2 /chroot/usr/lib/libz.so.2
    cp /usr/lib/libm.so.2 /chroot/usr/lib/libm.so.2
    cp /usr/lib/libcrypt.so.2 /chroot/usr/lib/libcrypt.so.2
    cp /usr/lib/libc.so.4 /chroot/usr/lib/libc.so.4

    and of course any other configs that you need.

    Now, the difficult thing is that chroot has to be run by root, so you have to use su,
    unless you want to run your ircd as root >:|

    As an example try running bash as the user fred...
    (You will need to make the directories beforehand...)

    (the su dynamic executable...)
    cp /usr/bin/su /chroot/usr/bin/su

    (libs for su)
    cp /usr/lib/libutil.so.3 /chroot/usr/lib/libutil.so.3
    cp /usr/lib/libskey.so.2 /chroot/usr/lib/libskey.so.2
    cp /usr/lib/libmd.so.2 /chroot/usr/lib/libmd.so.2
    cp /usr/lib/libcrypt.so.2 /chroot/usr/lib/libcrypt.so.2
    cp /usr/lib/libc.so.4 /chroot/usr/lib/libc.so.4

    (ELF interpreter)
    cp /usr/libexec/ld-elf.so.1 /chroot/usr/libexec/ld-elf.so.1

    (bash, let's call it moo, my bash is static...)
    cp /usr/local/bin/bash /chroot/bin/moo

    (copy login details for fred, assuming you have a fred user, useradd if needs be or whatever...)
    grep fred /etc/master.passwd > /chroot/etc/master.passwd

    (will need root also for su...)
    grep root /etc/master.passwd >> /chroot/etc/master.passwd

    (create the passwd databases)
    pwd_mkdb -p -d /chroot/etc /chroot/etc/master.passwd


    Now you _should_ be able to run moo (aka bash) in
    the chroot environment...

    chroot /chroot su -lm fred -c "/bin/moo"
    moo-2.04$ pwd
    /
    moo-2.04$ echo *
    bin etc usr


    mind you, all you will be able to do is 'cd' and 'echo *' but hey :)

    Follow that and you should be able to get your ircd running in the chroot, good luck ;)
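
The hand-copying of libraries in moist's post, automated, as an added example that is not part of the original thread: `ldd_paths`, `stage_files` and `missing_in_chroot` are hypothetical helper names, and the sample listing is the one quoted in the post. As in the post, the ELF interpreter (`/usr/libexec/ld-elf.so.1`) does not appear in that listing and still has to be copied separately.

```shell
#!/bin/sh
# Added example: turn ldd output into a staged library tree for a chroot.

# Constructed sample: the ldd listing for ircd quoted in the post above.
SAMPLE_LDD='/usr/local/sbin/ircd:
libz.so.2 => /usr/lib/libz.so.2 (0x28090000)
libm.so.2 => /usr/lib/libm.so.2 (0x2809d000)
libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280b8000)
libc.so.4 => /usr/lib/libc.so.4 (0x280d1000)'

# Read ldd output on stdin; print each resolved absolute library path once.
# The "binary:" header, "not found" entries and non-path names are skipped.
ldd_paths() {
    awk '
        { p = "" }
        $2 == "=>" && $3 ~ /^\// { p = $3 }      # name => /path (0xaddr)
        $1 ~ /^\// && $2 ~ /^\(0x/ { p = $1 }    # /path (0xaddr)
        p != "" && !seen[p]++ { print p }
    '
}

# Read paths on stdin; copy each to the same location under new root $1.
# Stops at the first path that is not a regular file so a typo is not ignored.
stage_files() {
    while IFS= read -r path; do
        [ -f "$path" ] || { echo "missing: $path" >&2; return 1; }
        mkdir -p "$1$(dirname "$path")" &&
            cp -p "$path" "$1$path" || return 1
    done
}

# Read ldd output on stdin; print libraries that are absent under new root $1.
missing_in_chroot() {
    ldd_paths | while IFS= read -r path; do
        [ -e "$1$path" ] || printf '%s\n' "$path"
    done
}

# Demo on the constructed sample (no files are touched):
printf '%s\n' "$SAMPLE_LDD" | ldd_paths
# On the real host the two steps would be (paths from the post):
#   ldd /usr/local/sbin/ircd | ldd_paths | stage_files /chroot
#   ldd /usr/local/sbin/ircd | missing_in_chroot /chroot
```

Running `missing_in_chroot` again after every upgrade of the binary catches a library that was added to its dependencies but never copied into the chroot tree.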

