Salve,
oggi stavo provando a chrootare apache, solo che quando faccio:
chroot /chroot/apache /usr/sbin/apache ottengo il seguente errore,
apache: bad user name www-data!
Questi sono i passi che ho eseguito per costruire la jail:
CHDIR=/chroot/apache;
# Create the jail
mkdir -p $CHDIR;
mkdir -p $CHDIR/bin;
mkdir -p $CHDIR/dev;
mkdir -p $CHDIR/etc;
mkdir -p $CHDIR/lib;
mkdir -p $CHDIR/sbin;
mkdir -p $CHDIR/usr;
mkdir -p $CHDIR/usr/lib;
mkdir -p $CHDIR/usr/sbin;
mkdir -p $CHDIR/var;
mkdir -p $CHDIR/var/www;
mkdir -p $CHDIR/var/run;
mkdir -p $CHDIR/var/log;
mkdir -p $CHDIR/var/log/apache;
mkdir -p $CHDIR/var/lock;
mknod $CHDIR/dev/null c 1 3;
# Copy some libraries
cp /lib/libm.so.6 $CHDIR/lib;
cp /lib/libcrypt.so.1 $CHDIR/lib;
cp /lib/libdb.so.2 $CHDIR/lib;
cp /lib/libdb2.so.2 $CHDIR/lib;
cp /usr/lib/libexpat.so.1 $CHDIR/lib;
cp /lib/libdl.so.2 $CHDIR/lib;
cp /lib/libc.so.6 $CHDIR/lib;
cp /lib/ld-linux.so.2 $CHDIR/lib;
cp /lib/libnss_compact* $CHDIR/lib;
cp /lib/libnss_dns* $CHDIR/lib;
cp /lib/libnss_files* $CHDIR/lib;
cp -R /usr/lib/apache $CHDIR/usr/lib;
cp /etc/passwd $CHDIR/etc;
cp /etc/group $CHDIR/etc;
cp /etc/mime.types $CHDIR/etc;
cp /etc/hosts $CHDIR/etc;
cp /etc/nsswitch.conf $CHDIR/etc;
cp /etc/localtime $CHDIR/etc;
cp /usr/sbin/apache $CHDIR/usr/sbin;
cp /usr/sbin/apacheconfig $CHDIR/usr/sbin;
cp /usr/sbin/apachectl $CHDIR/usr/sbin;
cp /bin/false $CHDIR/bin;
poi ho sostituito:
www-data:x:33:33:www-data:/var/www:/bin/sh
con
www-data:x:33:33:www-data:$CHDIR:/bin/false
Qualche idea?
--
Lorenzo Micheli <lorenzomic@tin.it>
Attachment:
signature.asc
Description: This is a digitally signed message part