This page last modified: Oct 29 2004
- Add an entry to /etc/security/chroot.conf with the userid and new root directory.
- Make the directory, and all the utility directories like /usr, /bin, /lib, /etc and of course some kind of /home. Fill them in:

      cp /bin/ls ./bin

- Use something like this to copy all the shared libraries. It may be necessary to make more subdirectories under /lib, although this appears to strip off any subdirectory info.

      ldd /bin/ls | sed -n 's/[[:blank:]][^>]\+>[[:blank:]]\([[:graph:]]\+\).*/\1 lib\/ /p' | xargs -n 2 cp -u

- Add entries to pam.d config files for any required services. su is odd in that it has $ISA in the middle of the path:

      session optional /lib/security/$ISA/pam_chroot.so debug

- The debug option prints all kinds of useful stuff into /var/log/secure. There are also some messages in /var/log/messages.
- sshd runs as root and forks a process as the attaching user before PAM is called, therefore sshd needs a patch if you want it to run in a chroot jail. Tons of ssh related stuff has to be copied into the jail, including /dev files. Run the command "file /dev/null" to see what the device file params are, then "mknod ./dev/null c 1 3" (for example) to make the device files.
- I have never been able to get the login command to work, so my only testing has been done with su.
- You can test your chroot as root with a command like:

      /usr/sbin/chroot /home/mst3k_root /bin/bash
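
The sed pipeline above flattens every library into lib/, and its pattern requires a "=>", so it skips the dynamic loader line that current ldd prints without one. The following is an added example, not part of the original page, that copies a binary and its libraries into the jail with their directory paths preserved; the names ldd_paths, copy_into_jail, jail_add and SAMPLE_LDD are assumptions made for this example.

```shell
#!/bin/sh
# Added example: populate a chroot with a binary and its shared libraries,
# keeping each library's full directory path inside the jail.

# Read `ldd` output on stdin, print one absolute library path per line.
# Handles "name => /path (addr)" and the loader's bare "/path (addr)" form;
# skips entries with no file on disk (linux-vdso, "not found").
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# copy_into_jail JAIL FILE...: copy each FILE to JAIL/<same absolute path>.
copy_into_jail() {
    jail=$1; shift
    for f in "$@"; do
        mkdir -p "$jail$(dirname "$f")" || return 1
        # cp follows symlinks by default, so the jail gets the real file
        cp -p "$f" "$jail$f" || return 1
    done
}

# jail_add JAIL BINARY: copy BINARY and everything ldd lists for it.
# Example (run as root): jail_add /home/mst3k_root /bin/ls
jail_add() {
    jail=$1; bin=$2
    copy_into_jail "$jail" "$bin" || return 1
    ldd "$bin" | ldd_paths | while IFS= read -r lib; do
        copy_into_jail "$jail" "$lib" || exit 1
    done
}

# Constructed sample of ldd output (not captured from a real system).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd1a5f2000)
    libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f1c2e000000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2dc00000)
    libmissing.so.2 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2e2a0000)'
```

Only copy what the jailed user needs: every binary and library placed in the jail is available to a process confined there.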