Chroot feature on proxy-suite
Hi, all I would like to use chroot() feature for proxy-suite (Sun Blade 100, Solaris 9). Under /var/proxy-suite/rundir, I created directories dev, etc, usr. I linked /dev/null to null in the dev directory. I copied /usr/lib/libc.so to usr/lib directory and copied /etc/passwd and group files to etc subdirectory. I tried to start ftp-proxy standalone and I got a message: # ./ftp-proxy ftp-proxy [9278] <07/19-16:13:13> TECH-ERR can't write config file into chroot I tried to create var/run directory under /var/proxy-suite/rundir for pid file and var/log under /var/proxy-suite/rundir for log file but I got the same message when I tried to start the daemon. Does anyone know which config file is? Thanks in advance. Ryan Jiang Liz Claiborne, Inc. ruiyuan_jiang@liz.com
On Fri, Jul 19, 2002 at 12:52:46PM -0400, Ruiyuan Jiang wrote:
Hi, all
I would like to use chroot() feature for proxy-suite (Sun Blade 100, Solaris 9). Under /var/proxy-suite/rundir, I created directories dev, etc, usr. I linked /dev/null to null in the dev directory.
No, a link can't work - use mknod instead and create a real $ServerRoot/dev/null device.
I copied /usr/lib/libc.so to usr/lib directory and copied /etc/passwd and group files to etc subdirectory.
Make sure, there are no real passwords. You can also create dummy files instead, i.e. $ServerRoot/etc/passwd: root:*:0:0:root:/:/bin/false ftp-proxy:*:5000:5000:proxy user:/:/bin/false $ServerRoot/etc/group: root:*:0:root ftp-proxy:*:5000: or specify the User and Group as UID/GID numbers in the ftp-proxy.conf...
I tried to start ftp-proxy standalone and I got a message:
# ./ftp-proxy ftp-proxy [9278] <07/19-16:13:13> TECH-ERR can't write config file into chroot
I tried to create var/run directory under /var/proxy-suite/rundir for pid file and var/log under /var/proxy-suite/rundir for log file but I got the same message when I tried to start the daemon. Does anyone know which config file is? Thanks in advance.
The proxy writes its config into the chroot if it is not there,
to be able to reload it on SIGHUP.
Copy your /etc/proxy-suite/ftp-proxy.conf into the chroot as well.
An other solution is to make the config directory in the chroot
$ServerRoot/etc/proxy-suite/
writeable to the user the proxy runs as... But this is not needed
if you copy the config yourself.
Gruesse,
Marius Tomaschewski
participants (2)
-
Marius Tomaschewski
-
Ruiyuan Jiang