From: Bennett Todd (betrahul.net)
Date: Mon Oct 22 2001 - 08:41:34 CDT

    2001-10-20-01:03:36 Postmaster:
    > Does anybody know how to chroot the openssh service?

    Once upon a time, it was easy to set up chroot; just include copies
    of all the programs you wanted to run in the chroot jail. Maybe one
    or two would want a data file, you'd need to copy them in too, and
    they'd give nice clear error messages telling you what you needed to
    add.

    These days, though, chrooting has gotten hard. To chroot openssh you
    need to chroot the ability to fire up a login shell, which means the
    whole PAM machinery, as well as enough of /dev for both the
    networking and the pty support. You'll probably need enough of /etc
    for the name service switcher, and cthulhu only knows what else.
    Likely most of the shared libraries on the system, dozens or
    hundreds of them.

    I suspect the easiest way to chase this will be to find a project
    somewhere that's packaging tools for doing vhosting by chrooting.
    I'm afraid I don't have a link for you, but hopefully "virtual host"
    and "chroot" as keywords into search engines will turn up something.

    I tried to set up chrooted openssh recently; after a long fight I
    eventually gave up. Linux has turned really nasty that way:
    everything depends on a zillion other subsystems.

    -Bennett

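The shared-library hunt the message describes can be scripted. The following is an added example, not part of the original message or of any project's code: it parses `ldd` output and copies each binary and its link-time dependencies to the same path under a jail directory. The function names `parse_ldd`, `copy_into_jail` and `stage_jail` are hypothetical, and the sample `ldd` output is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample output is constructed.
# Caveat: ldd shows link-time dependencies only. PAM modules (pam_*.so) and
# NSS libraries (libnss_*.so) are loaded with dlopen() at run time, and /dev
# nodes and /etc files never appear here. Run ldd only on binaries you trust.

# Constructed sample of `ldd` output, for trying parse_ldd offline.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd1a9f2000)
    libpam.so.0 => /lib/x86_64-linux-gnu/libpam.so.0 (0x00007f1c2a400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)
    libgone.so.1 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a800000)'

# Read `ldd` output on stdin; print each resolved absolute path once.
# Unresolved libraries come out as "MISSING <name>" so they are not lost.
parse_ldd() {
    awk '
        /statically linked|not a dynamic executable/ { next }
        /=> not found/           { print "MISSING " $1; next }
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libfoo.so => /path (0x..)
        $1 ~ /^\//               { print $1 }         # dynamic loader line
    ' | LC_ALL=C sort -u
}

# Read absolute paths on stdin and copy each to the same path under jail $1.
copy_into_jail() {
    jail=$1
    while IFS= read -r path; do
        case $path in
            /*) ;;
            *) echo "not staged: $path" >&2; continue ;;
        esac
        mkdir -p "$jail$(dirname "$path")" &&
            cp -p "$path" "$jail$path" || return 1
    done
}

# Stage binaries plus their link-time dependencies: stage_jail JAIL BIN...
stage_jail() {
    jail=$1; shift
    for bin in "$@"; do
        { echo "$bin"; ldd "$bin" | parse_ldd; } |
            copy_into_jail "$jail" || return 1
    done
}
```

Running `printf '%s\n' "$SAMPLE_LDD" | parse_ldd` lists the three resolved paths and the one missing library; the vdso line is dropped because it has no file on disk.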