Thomas Bohl <[email protected]> wrote:
> Hello,
>
> > After several tries, i think the problem is the interpretation, in
> > Universal Language; usually used in OBSD, it could be:
> > Write this ....
> > Do this ....
> > But, in this case; there are not commands!
> > Please, let me ask you, How to add /bin/sh to the chroot?
> > How to add host? resolv.conf? and femail.conf?
> > How to create /var/www/etc/other files?
> > From where do i have to create every thing?
>
> That is what I always do for httpd chroot:
>
> # mkdir -p /var/www/usr/local/share/icu/
> # mkdir -p /var/www/etc/ssl/
> # cp -r /usr/local/share/icu/* /var/www/usr/local/share/icu/
> # cp /etc/ssl/openssl.cnf /var/www/etc/ssl/
> # cp /etc/ssl/cert.pem /var/www/etc/ssl/
> # cp /etc/{hosts,resolv.conf,localtime} /var/www/etc/
> # chown -R root:daemon /var/www/etc/ssl
> # chown -R root:daemon /var/www/usr/
>
>
> I haven't had the need for /bin/sh in chroot, so this is untested. But
> judging by
> $ ldd /bin/sh
>
> # mkdir /var/www/bin/
> # cp /bin/sh /var/www/bin/
>
> should be it.

No.

Programs don't run in a vacuum. They need various things in the
filesystem.

I do not think we should document what those things are, because the
practice of running binaries inside such chroot spaces is highly
discouraged. It is an old less-secure practice for a less-secure era
and we don't need to help people re-create it.

When people believe they really need to do so, we provide the tools
they need to learn what is required: ktrace & kdump. And I really mean
they need to learn to use those tools. If they don't understand the
low-level system behaviours that happen, then why the HELL do they
think they can use chroot safely?
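
An added example, not part of the original message or of OpenBSD itself: one way to read the kdump output the reply points to, pairing each pathname lookup (NAMI record) with the return value of the system call that made it, so the files a program depends on are visible. The function name `kdump_paths`, the trace file path and the sample trace lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. On OpenBSD the trace would be produced with, for instance:
#   ktrace -i -t cn -f /tmp/kt.out /path/to/program
#   kdump -f /tmp/kt.out | kdump_paths
# (-t cn records system calls and namei translations; -i follows children.)

# kdump_paths: read kdump text on stdin and print one line per distinct
# result: "ok <path>" or "fail(errno N) <path>".
# Assumes process names without spaces; for calls that take two paths
# only the last NAMI record before the RET is reported.
kdump_paths() {
    awk '
        $3 == "NAMI" {
            line = $0
            sub(/^[^"]*"/, "", line)   # drop everything up to the opening quote
            sub(/"[^"]*$/, "", line)   # drop the closing quote
            pending[$1] = line         # remember the path per pid
            next
        }
        $3 == "RET" && ($1 in pending) {
            status = ($5 == "-1") ? "fail(errno " $7 ")" : "ok"
            print status, pending[$1]
            delete pending[$1]
        }
    ' | sort -u
}

# Constructed sample in kdump text format (not a real capture).
sample_kdump() {
    cat <<'EOF'
 41327 sh       CALL  open(0x7f7ffffd1a30,0<O_RDONLY>)
 41327 sh       NAMI  "/etc/resolv.conf"
 41327 sh       RET   open 3
 41327 sh       CALL  open(0x7f7ffffd1a30,0<O_RDONLY>)
 41327 sh       NAMI  "/etc/localtime"
 41327 sh       RET   open -1 errno 2 No such file or directory
 41327 sh       CALL  stat(0x7f7ffffd1b10,0x7f7ffffd1c00)
 41327 sh       NAMI  "/etc/hosts"
 41327 sh       RET   stat 0
EOF
}

sample_kdump | kdump_paths
```

Lookups that fail with errno 2 (ENOENT) under the restricted root are the ones that show what the program expected to find there.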

