~ubuntu-branches/ubuntu/quantal/rssh/quantal

Viewing changes to mkchroot.sh

Committer: Bazaar Package Importer
Author(s): Jesus Climent
Date: 2004-10-27 09:44:54 UTC
mfrom: (1.1.1 upstream)
Revision ID: james.westby@ubuntu.com-20041027094454-6bl6i4qf2i27bjpl

Tags: 2.2.2-1

http://bugs.debian.org/278157

* New upstream release (Closes: #278157)
* Urgency set to high due to the bug #278157, which happens to be a security
bug. Thanks to the reporters: Hideki Yamane and Florian Weimer.

files added:
argvec.c

argvec.h

conf_convert.sh

debian/NEWS.Debian

debian/rssh.docs

mkchroot.sh

files removed:
config.guess

config.sub

files modified:
AUTHORS

CHROOT

ChangeLog

INSTALL

Makefile.am

Makefile.in

README

SECURITY

aclocal.m4

configure

configure.ac

debian/README.Debian

debian/changelog

debian/config

debian/control

debian/dirs

debian/po/fr.po

debian/po/ja.po

debian/po/pt_BR.po

debian/po/templates.pot

debian/postinst

debian/rules

debian/templates

log.c

main.c.in

pathnames.h.in

rssh.1

rssh.conf

rssh.conf.5

rssh.conf.5.in

rssh.h

rssh.spec

rssh.spec.in

rssh_chroot_helper.c

rsshconf.c

util.c

util.h

Show diffs side-by-side

added added

removed removed

mkchroot.sh

#!/bin/sh

#####################################################################

## mkchroot.sh - set up a chroot jail.

## This script is written to work for Red Hat 8/9 systems, but may work on

## other systems. Or, it may not... In fact, it may not work at all. Use at

## your own risk. :)

fail() {

echo "`basename $0`: fatal error" >&2

echo "$1" >&2

exit $2

}

#####################################################################

# Initialize - handle command-line args, and set up variables and such.

# $1 is the directory to make the root of the chroot jail (required)

# $2, if given, is the user who should own the jail (optional)

# $3, if given, is the permissions on the directory (optional)

if [ -z "$1" ]; then

echo "`basename $0`: error parsing command line" >&2

echo " You must specify a directory to use as the chroot jail." >&2

exit 1

jail_dir="$1"

if [ -n "$2" ]; then

owner="$2"

if [ -n "$3" ]; then

perms="$3"

#####################################################################

# build the jail

# now make the directory

if [ ! -d "$jail_dir" ]; then

echo "Creating root jail directory."

mkdir -p "$jail_dir"

if [ $? -ne 0 ]; then

echo " `basename $0`: error creating jail directory." >&2

echo "Check permissions on parent directory." >&2

exit 2

if [ -n "$owner" -a `whoami` = "root" ]; then

echo "Setting owner of jail."

chown "$owner" "$jail_dir"

if [ $? -ne 0 ]; then

echo " `basename $0`: error changing owner of jail directory." >&2

exit 3

else

echo -e "NOT changing owner of root jail. \c"

if [ `whoami` != "root" ]; then

echo "You are not root."

else

echo

if [ -n "$owner" -a `whoami` = "root" ]; then

echo "Setting permissions of jail."

chmod "$perms" "$jail_dir"

if [ $? -ne 0 ]; then

echo " `basename $0`: error changing perms of jail directory." >&2

exit 3

else

echo -e "NOT changing perms of root jail. \c"

if [ `whoami` != "root" ]; then

echo "You are not root."

else

echo

# copy SSH files

scp_path="/usr/bin/scp"

sftp_server_path="/usr/lib/sftp-server"

100

rssh_path="/usr/bin/rssh"

101

chroot_helper_path="/usr/lib/rssh/rssh_chroot_helper"

102

103

for jail_path in `dirname "$jail_dir$scp_path"` `dirname "$jail_dir$sftp_server_path"` `dirname "$jail_dir$chroot_helper_path"`; do

104

105

echo "setting up $jail_path"

106

107

if [ ! -d "$jail_path" ]; then

108

mkdir -p "$jail_path" || \

109

fail "Error creating $jail_path. Exiting." 4

110

111

112

done

113

114

cp "$scp_path" "$jail_dir$scp_path" || \

115

fail "Error copying $scp_path. Exiting." 5

116

cp "$sftp_server_path" "$jail_dir$sftp_server_path" || \

117

fail "Error copying $sftp_server_path. Exiting." 5

118

cp "$rssh_path" "$jail_dir$rssh_path" || \

119

fail "Error copying $rssh_path. Exiting." 5

120

cp "$chroot_helper_path" "$jail_dir$chroot_helper_path" || \

121

fail "Error copying $chroot_helper_path. Exiting." 5

122

123

124

#####################################################################

125

126

# identify and copy libraries needed in the jail

127

128

129

for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do

130

echo "Copying libraries for $prog."

131

libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3`

132

for lib in $libs; do

133

mkdir -p "$jail_dir$(dirname $lib)"

134

echo -e "\t$lib"

135

cp "$lib" "$jail_dir$lib"

136

done

137

done

138

139

echo "copying name service resolution libraries..."

140

tar -cf - /lib/libnss_files* | tar -C "$jail_dir" -xvf - |sed 's/^/\t/'

141

142

#####################################################################

143

144

# copy config files for the dynamic linker, nsswitch.conf, and the passwd file

145

146

147

echo "Setting up /etc in the chroot jail"

148

mkdir -p "$jail_dir/etc"

149

cp /etc/nsswitch.conf "$jail_dir/etc/"

150

cp /etc/passwd "$jail_dir/etc/"

151

cp /etc/ld.* "$jail_dir/etc/"

152

153

echo -e "Chroot jail configuration completed."

154

echo -e "\nNOTE: if you are not using the passwd file for authentication,"

155

echo -e "you may need to copy some of the /lib/libnss_* files into the jail.\n"

156

157

158

#####################################################################

159

160

# set up /dev/log

161

162

163

mkdir -p "$jail_dir/dev"

164

165

echo -e "NOTE: you must MANUALLY edit your syslog rc script to start syslogd"

166

echo -e "with appropriate options to log to $jail_dir/dev/log. In most cases,"

167

echo -e "you will need to start syslog as:\n"

168

echo -e " /sbin/syslogd -a $jail_dir/dev/log\n"

169

170

echo -e "NOTE: we make no guarantee that ANY of this will work for you... \c"

171

echo -e "if it\ndoesn't, you're on your own. Sorry!\n"

172

173

Older »