* Volker Kuhlmann; <hidden@paradise.net.nz> on 13 Dec, 2003 wrote:
1) Create /etc/sysconfig/chroot.d directory and store configuration files for services to be chrooted.
Please no, only one config file in /etc, copy that if needed. On SuSE 8.2 several services run chrooted already on demand, e.g. postfix and named, and SuSEconfig/rcservice maintain the chroot env automatically. Have a look at their mechanisms first, they seem pretty good.
Too late (though you never know), yet my modified init scripts do the same: they prepare the chroot environment and then start the service, so there is no need to manually prepare the chrooted directory structure.
2) Create chroot-maker file which will basically read the /etc/sysconfig/chroot.d/FILENAME and create the chrooted environment
If chroot.d/FILENAME contains a list of files needed in the chroot env for each service, that would be a good general approach.
That's what I have done so far.
The tricky bit is to work out which files are needed. I tried with jail and sshd once but couldn't get it working.
Well, I got snmpd working in chroot now (except the agent parts, which I have not played with yet), and the thing so far works with no problem. I have also gotten ssh chrooted; the part I could not decide is how I want to check the users' authentication. If I want to trust the /etc/passwd file, I have to find a way to get the legitimate users into /chroot/sshd/etc/passwd, or find another way of getting the users authenticated somehow, as this is the part that is left. I do not think getting squid or apache involved in the chroot game is too difficult now (hope I am not mistaken).

The question is how many sockets I can create for syslogd to listen on; somewhere in my memory, 19 is the magic number. If so, is it better to change to syslog-ng or something else?

Desperately seeking my brain, which is lost in the language dilemma :-(

Best regards from Stuttgart

--
Togan Muftuoglu, Unofficial SuSE FAQ Maintainer
Please reply to the list; http://susefaq.sf.net
Please don't CC me.
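
A sketch of the chroot-maker idea discussed in this thread, added here as an example and not the poster's actual scripts: it reads a per-service file list and copies each file, plus the shared libraries `ldd` reports for executables, into the chroot. The list format (one absolute path per line, `#` for comments) and all function names are assumptions.

```shell
#!/bin/sh
# Added example: populate a chroot from a per-service file list.
# Assumed list format (not from the thread): one absolute path of a file
# per line; blank lines and lines starting with '#' are ignored.

# copy_into ROOT PATH: copy PATH to ROOT/PATH, following symlinks and
# preserving mode, creating parent directories as needed.
copy_into() {
    root=$1 src=$2
    [ -e "$src" ] || { echo "missing: $src" >&2; return 1; }
    mkdir -p "$root$(dirname "$src")" || return 1
    cp -Lp "$src" "$root$src"
}

# list_libs FILE: print absolute paths of the shared libraries FILE needs.
# ldd may run code from FILE, so use it only on binaries you already trust.
list_libs() {
    command -v ldd >/dev/null 2>&1 || return 0
    ldd "$1" 2>/dev/null </dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
    return 0
}

# make_chroot LIST ROOT: build ROOT from the paths named in LIST.
# Returns non-zero if any entry is missing or not absolute, so an init
# script can refuse to start the service in an incomplete environment.
make_chroot() {
    list=$1 root=$2 rc=0
    mkdir -p "$root" || return 1
    while IFS= read -r path || [ -n "$path" ]; do
        case $path in ''|'#'*) continue ;; esac
        case $path in
            /*) ;;
            *) echo "not absolute: $path" >&2; rc=1; continue ;;
        esac
        copy_into "$root" "$path" || { rc=1; continue; }
        if [ -f "$path" ] && [ -x "$path" ]; then
            for lib in $(list_libs "$path"); do
                copy_into "$root" "$lib" || rc=1
            done
        fi
    done < "$list"
    return $rc
}
```

An init script would call `make_chroot` on the service's list before starting the daemon and abort on a non-zero return.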