#!/bin/bash # Makes a chroot jail for rssh. set -e CHROOT=/chroot/www # Set up directories. mkdir -p $CHROOT mkdir -p $CHROOT/etc $CHROOT/dev $CHROOT/bin mkdir -p $CHROOT/usr/local $CHROOT/var/www mkdir -p $CHROOT/usr/local/ssh/bin mkdir -p $CHROOT/usr/local/ssh/libexec mkdir -p $CHROOT/usr/local/rssh/bin mkdir -p $CHROOT/usr/local/rssh/libexec if [ ! -e $CHROOT/dev/zero ]; then mknod $CHROOT/dev/zero c 13 12 fi if [ ! -e $CHROOT/dev/null ]; then mknod $CHROOT/dev/null c 13 2 fi # Copy in binaries. cp /bin/cp /bin/ls /bin/mkdir /bin/mv /bin/rm /bin/rmdir $CHROOT/bin cp /usr/local/ssh/bin/scp $CHROOT/usr/local/ssh/bin cp /usr/local/rssh/bin/rssh $CHROOT/usr/local/rssh/bin cp /usr/local/rssh/libexec/rssh_chroot_helper $CHROOT/usr/local/rssh/libexec cp /usr/local/ssh/libexec/sftp-server $CHROOT/usr/local/ssh/libexec # Clean out libraries from previous runs, and make new library directories. rm -rf $CHROOT/lib mkdir -p $CHROOT/lib rm -rf $CHROOT/usr/lib mkdir -p $CHROOT/usr/lib # Copy in libraries: this will have to change if libraries are upgraded. pushd $CHROOT/lib &>/dev/null cp /lib/ld-2.3.2.so . ln -s ld-2.3.2.so ld-linux.so.2 cp /lib/libc-2.3.2.so . ln -s libc-2.3.2.so libc.so.6 cp /lib/libdl-2.3.2.so . ln -s libdl-2.3.2.so libdl.so.2 cp /lib/libnsl-2.3.2.so . ln -s libnsl-2.3.2.so libnsl.so.1 cp /lib/libncurses.so.5.4 . ln -s libncurses.so.5.4 libncurses.so.5 cp /lib/librt-2.3.2.so . ln -s librt-2.3.2.so librt.so.1 cp /lib/libpthread-0.10.so . ln -s libpthread-0.10.so libpthread.so.0 cp /lib/libutil-2.3.2.so . ln -s libutil-2.3.2.so libutil.so.1 cp /lib/libcrypt-2.3.2.so . ln -s libcrypt-2.3.2.so libcrypt.so.1 cp /lib/libresolv-2.3.2.so . ln -s libresolv-2.3.2.so libresolv.so.2 cp /lib/libnss_compat-2.3.2.so . ln -s libnss_compat-2.3.2.so libnss_compat.so.2 cp /lib/libnss_files-2.3.2.so . ln -s libnss_files-2.3.2.so libnss_files.so.2 cd $CHROOT/usr/lib cp /usr/lib/libz.so.1.2.2 . ln -s libz.so.1.2.2 libz.so.1 ln -s libz.so.1 libz.so cp /usr/lib/libcrypto.so.0.9.7 . ln -s libcrypto.so.0.9.7 libcrypto.so popd &>/dev/null