nitrogen ............... said:
> about a problem i'm having with my nix box.
> ok.. well i got a chrooted env setup for users and also for most of
> my daemons that run .. but i can't seem to get outgoing net access
> in the chrooted env.. got any ideas?

maybe.. what are you trying to run? chroot has never affected net access
for me, i can't imagine why it ever would. it could affect host resolution
or something .. it took quite a bit of work to get ssh (client) to work
under a chroot environment.

here's a list of files i use to build 'skeleton' chroot environments for
users:

it-wa:/home2/chroot# ls -lR |more
.:
total 6
dr-xr-sr-x 2 root staff 1024 Jul 25 00:10 bin
dr-xr-sr-x 2 root staff 1024 Jul 24 22:19 dev
dr-xr-sr-x 3 root staff 1024 Jul 24 23:10 etc
dr-xr-sr-x 2 root staff 1024 Jul 24 22:35 lib
drwxrwxrwt 2 root staff 1024 Jul 24 21:21 tmp
dr-xr-sr-x 4 root staff 1024 Jul 24 21:55 usr

./bin:
total 5506
-r-xr-xr-x 6 root staff  461400 Jul 24 21:21 bash
-r-xr-xr-x 6 root staff    9668 Jul 24 21:21 cat
-r-xr-xr-x 6 root staff   32272 Jul 24 21:21 cp
-r-xr-xr-x 6 root staff   15440 Jul 24 21:47 finger
-r-xr-xr-x 6 root staff   68624 Jul 24 23:08 ftp
-r-xr-xr-x 6 root staff   75648 Jul 24 21:21 grep
-r-xr-xr-x 6 root staff   18832 Jul 24 21:21 ln
-r-xr-xr-x 6 root staff   40848 Jul 24 21:21 ls
-r-xr-xr-x 6 root staff   13088 Jul 24 21:21 mkdir
-r-xr-xr-x 6 root staff   24348 Jul 24 21:21 more
-r-xr-xr-x 6 root staff   39952 Jul 24 21:21 mv
-r-xr-xr-x 6 root staff    6260 Jul 24 21:21 pwd
-r-xr-xr-x 6 root staff   20304 Jul 24 21:21 rm
-r-xr-xr-x 6 root staff    6892 Jul 24 21:21 rmdir
-r-xr-xr-x 6 root staff   18556 Jul 24 22:14 scp
-rwxr-xr-x 6 root staff  738040 Jul 25 00:10 scp2
-r-xr-xr-x 6 root staff  661056 Jul 24 22:15 sftp-server
-rwxr-xr-x 6 root staff  833672 Jul 25 00:08 sftp2
-r-xr-xr-x 6 root staff  461400 Jul 24 21:21 sh
-r-xr-xr-x 6 root staff  107644 Jul 24 21:54 ssh
-r-xr-xr-x 6 root staff 1836695 Jul 24 22:14 ssh2
-r-xr-xr-x 6 root staff   94552 Jul 24 23:08 telnet

./dev:
total 0
crw-r--r-- 1 root staff 1, 3 Jul 24 21:21 null
crw-rw-rw- 1 root staff 5, 0 Jul 24 21:21 tty
crw-r--r-- 1 root staff 1, 9 Jul 24 21:24 urandom

./etc:
total 34
-rw-r--r-- 1 root staff   206 Jul 24 21:21 group
-rw-r--r-- 6 root staff 11924 Jul 24 21:21 ld.so.cache
-rw-r--r-- 6 root staff   465 Jul 24 23:11 nsswitch.conf
-rw-r--r-- 1 root staff   319 Jul 24 23:41 passwd
-rw-r--r-- 6 root staff    66 Jul 24 23:11 resolv.conf
-rw-r--r-- 6 root staff 14450 Jul 24 23:10 services
-rw-r--r-- 1 root staff   157 Aug  3 12:53 shadow
dr-xr-sr-x 3 root staff  1024 Jul 24 21:21 terminfo

./etc/terminfo:
total 1
dr-xr-sr-x 2 root staff 1024 Jul 24 21:55 x

./etc/terminfo/x:
total 2
-rw-r--r-- 6 root staff 1777 Jul 24 21:21 xterm

./lib:
total 1984
-rwxr-xr-x 6 root staff  85654 Jul 24 22:35 ld-linux.so.2
-rwxr-xr-x 6 root staff 887712 Jul 24 22:35 libc.so.6
-rw-r--r-- 6 root staff  20436 Jul 24 21:21 libcrypt.so.1
-rw-r--r-- 6 root staff   9452 Jul 24 22:35 libdl.so.2
-rw-r--r-- 6 root staff 116336 Jul 24 21:27 libm.so.6
-rw-r--r-- 6 root staff 238700 Jul 24 21:21 libncurses.so.4
-rw-r--r-- 6 root staff 233816 Jul 24 22:35 libncurses.so.5
-rw-r--r-- 6 root staff  76032 Jul 24 22:35 libnsl.so.1
-rw-r--r-- 6 root staff  41356 Jul 24 22:35 libnss_compat.so.2
-r-x---r-x 6 root staff  11452 Jul 24 22:35 libnss_dns.so.2
-r-x---r-x 6 root staff  31084 Jul 24 22:35 libnss_files.so.2
-rw-r--r-- 6 root staff  27180 Jul 24 21:21 libpam.so.0
-rw-r--r-- 6 root staff   6060 Jul 24 21:21 libpam_misc.so.0
-r-x---r-x 6 root staff 143336 Jul 24 22:35 libreadline.so.4
-rw-r--r-- 6 root staff  46624 Jul 24 22:35 libresolv.so.2
-rw-r--r-- 6 root staff   7652 Jul 24 22:35 libutil.so.1
-rw-r--r-- 6 root staff  23008 Jul 24 21:21 libwrap.so.0

./tmp:
total 0

./usr:
total 2
drwxr-sr-x 2 root staff 1024 Jul 24 21:27 bin
drwxr-sr-x 2 root staff 1024 Jul 24 21:21 lib

./usr/bin:
total 2523
-rwxr-xr-x 6 root staff   10596 Jul 24 21:21 head
-rwxr-xr-x 6 root staff    9552 Jul 24 21:21 id
-rwxr-xr-x 6 root staff   18556 Jul 24 21:21 scp
-rwxr-xr-x 6 root staff  107644 Jul 24 21:21 ssh
-rwxr-xr-x 6 root staff 1836695 Jul 24 21:27 ssh2
-rwxr-xr-x 6 root staff   23568 Jul 24 21:21 tail
-rwxr-xr-x 6 root staff   22640 Jul 24 21:21 touch
-rwxr-xr-x 6 root staff  315260 Jul 24 21:21 vi

./usr/lib:
total 729
-rw-r--r-- 6 root staff 685228 Jul 24 21:21 libcrypto.so.0
-rw-r--r-- 6 root staff  54512 Jul 24 21:21 libz.so.1

i have a script that sets up the environment from that template. there is
a password file there as ssh requires it, but each user has only 1 line in
their password file, for their own username. (If you have no password file
ssh spits back "you don't exist! go away" or something). the script looks
like:

#!/bin/bash
# Build a per-user chroot from the /home2/chroot template. Run as root.
set -e                       # stop if a mkdir or cd fails, so ln never runs in the wrong directory

export USER=tomb             # user the jail is built for
export DIR=/home2/$USER

# /
mkdir "$DIR"
chown "$USER" "$DIR"

## /bin
mkdir "$DIR/bin"
chmod a-w "$DIR/bin"
cd "$DIR/bin"
ln /home2/chroot/bin/* .

## /dev
mkdir "$DIR/dev"
chmod a-w "$DIR/dev"
cd "$DIR/dev"
mknod null c 1 3
mknod tty c 5 0
mknod urandom c 1 9
chmod go+w tty

## /etc
mkdir "$DIR/etc"
chmod a-w "$DIR/etc"
cd "$DIR/etc"
mkdir -p terminfo/x
chmod a-w "$DIR/etc/terminfo"
chmod a-w "$DIR/etc/terminfo/x"
cd "$DIR/etc/terminfo/x"
ln /home2/chroot/etc/terminfo/x/* .
cd "$DIR/etc"
ln /home2/chroot/etc/nsswitch.conf .
ln /home2/chroot/etc/resolv.conf .
ln /home2/chroot/etc/services .
ln /home2/chroot/etc/ld.so.cache .
# anchor the match so only this user's own line is copied,
# not every line that merely contains the name
grep "^$USER:" /etc/passwd > "$DIR/etc/passwd"

## /lib
mkdir "$DIR/lib"
chmod a-w "$DIR/lib"
cd "$DIR/lib"
ln /home2/chroot/lib/* .

## /usr
mkdir "$DIR/usr"
chmod a-w "$DIR/usr"
cd "$DIR/usr"
mkdir "$DIR/usr/bin"
chmod a-w "$DIR/usr/bin"
cd "$DIR/usr/bin"
ln /home2/chroot/usr/bin/* .
cd "$DIR/usr"
mkdir "$DIR/usr/lib"
chmod a-w "$DIR/usr/lib"
cd "$DIR/usr/lib"
ln /home2/chroot/usr/lib/* .

## /tmp
mkdir "$DIR/tmp"
chmod 1777 "$DIR/tmp"

note that almost all of the files are hard links. saves disk space (the
environment is 10MB), and makes keeping everything in synch easier. but of
course everything has to be on the same filesystem.

hth. it took several hours to get it working for me. SSH3 (commercial) was
much easier to get working than OpenSSH.

nate
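
An added example, not part of nate's post: a jail audit for the host-resolution failure he suspects. glibc loads `libnss_<service>.so.2` at run time according to `etc/nsswitch.conf`, so `ldd` on a client binary never shows these modules; the script assumes the post's jail layout (`etc`, `lib`, `usr/lib`), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: check a chroot jail for the files glibc needs for passwd
# and host lookups. Layout assumed from the post: <jail>/etc, /lib, /usr/lib.

# Print the services nsswitch.conf lists for one database (e.g. hosts),
# one per line, with comments and [STATUS=action] items stripped.
nss_services() {
    jail=$1 db=$2
    sed -n "s/#.*//; s/^[[:space:]]*$db:[[:space:]]*//p" \
        "$jail/etc/nsswitch.conf" 2>/dev/null |
        sed 's/\[[^]]*\]//g' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# True if the named library exists in the jail's lib or usr/lib.
in_jail_lib() { [ -e "$1/lib/$2" ] || [ -e "$1/usr/lib/$2" ]; }

# Print one line per problem; print nothing when the jail looks complete.
audit_jail() {
    jail=$1
    [ -f "$jail/etc/nsswitch.conf" ] || echo "etc/nsswitch.conf missing"
    for db in passwd hosts; do
        for svc in $(nss_services "$jail" "$db"); do
            # NSS modules are dlopen()ed by name, so they must be copied by hand
            in_jail_lib "$jail" "libnss_$svc.so.2" ||
                echo "$db: $svc configured but libnss_$svc.so.2 not in jail"
        done
    done
    if nss_services "$jail" hosts | grep -qx dns; then
        grep -q '^[[:space:]]*nameserver[[:space:]]' \
            "$jail/etc/resolv.conf" 2>/dev/null ||
            echo "hosts: dns configured but etc/resolv.conf has no nameserver"
        # libnss_dns.so.2 itself links against libresolv.so.2
        in_jail_lib "$jail" libresolv.so.2 ||
            echo "hosts: dns configured but libresolv.so.2 not in jail"
    fi
    # ssh refuses to run when the calling uid has no passwd entry
    [ -s "$jail/etc/passwd" ] || echo "etc/passwd missing or empty"
}

# Usage: sh audit_jail.sh /home2/tomb
if [ "$#" -gt 0 ]; then audit_jail "$1"; fi
```
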