Boa chroot mini-HOWTO
===================================================
by Liam Widdowson <[email protected]>
modified slightly by Jon Nelson <[email protected]>

The following is required to get Boa working in a chroot jail. Whilst this
README is about Solaris specifically, the principles here will apply to
other operating systems.

The following assumptions are made:
 - Boa has been compiled and installed in /opt/boa
 - The chroot jail will be created in /var/www
 - A user and group 'www' have been created.

Make sure you change the above directories to suit your system.

Your boa.conf should look something like the following:

## begin config file
Port 80
User www
Group www
# Note, these paths are used relative to the chroot jail, i.e. /var/log is
# really /var/www/var/log
ErrorLog /var/log/error_log
AccessLog /var/log/access_log
DocumentRoot /var/www
# You won't be able to access user home directories outside of the chroot
# but you may replicate them into the chroot jail. You'll need a working
# and valid /etc/passwd as well
UserDir public_html
DirectoryIndex index.html
# this binary must exist in the chroot jail. Again, the path is relative.
DirectoryMaker /usr/bin/boa_indexer
KeepAliveMax 1000
KeepAliveTimeout 10
# this file must exist inside AND outside the chroot jail.
MimeTypes /opt/boa/mime.types
DefaultType text/plain
## end config file

Once the configuration file is created, you must begin creating your
chroot jail. A variety of libraries, timezone files, device files and other
bits and pieces must be copied in order for this to work. Below is a ls -lR
of what your jail should be at a minimum:
.:
total 10
drwxr-xr-x 2 root other 512 Jan 21 18:58 dev
drwxr-xr-x 2 root other 512 Jan 21 19:20 etc
drwxr-xr-x 3 root other 512 Jan 21 19:20 opt
drwxr-xr-x 5 root other 512 Jan 21 19:08 usr
drwxr-xr-x 4 root other 512 Jan 21 18:57 var
./dev:
total 0
crw-rw-rw- 1 root other 13, 2 Jan 21 18:58 null
crw-rw-rw- 1 root other 41, 0 Jan 21 18:58 udp
./etc:
total 16
-r-xr-xr-x 1 root other 482 Jan 21 19:20 TIMEZONE
-r--r--r-- 1 root other 74 Jan 21 19:20 hosts
-rw-r--r-- 1 root other 1239 Jan 21 19:20 netconfig
-rw-r--r-- 1 root other 1298 Jan 21 19:20 nsswitch.conf
-r--r--r-- 1 root other 514 Jan 21 19:44 passwd
-rw-r--r-- 1 root other 94 Jan 21 19:20 resolv.conf
drwx------ 2 root other 512 Jan 21 19:20 boa
./etc/boa:
total 4
-rw-r--r-- 1 root other 1234 Jan 21 19:26 boa.conf
./opt:
total 2
drwxr-xr-x 2 root other 512 Jan 21 19:26 boa
./opt/boa:
total 20
-rw-r--r-- 1 root other 9964 Jan 21 19:26 mime.types
./usr:
total 6
drwxr-xr-x 2 root other 512 Jan 21 19:21 bin
drwxr-xr-x 2 root other 512 Jan 21 19:03 lib
drwxr-xr-x 3 root other 512 Jan 21 19:08 share
./usr/bin:
total 18
-rwxr-xr-x 1 root other 8944 Jan 21 19:23 boa_indexer
./usr/lib:
total 5094
-rwxr-xr-x 1 root other 185020 Jan 21 19:03 ld.so.1
-rwxr-xr-x 1 root other 1126652 Jan 21 18:56 libc.so.1
-rwxr-xr-x 1 root other 4308 Jan 21 18:56 libdl.so.1
-rwxr-xr-x 1 root other 24968 Jan 21 18:56 libmp.so.2
-rwxr-xr-x 1 root other 883500 Jan 21 18:56 libnsl.so.1
-rwxr-xr-x 1 root other 265860 Jan 21 18:56 libresolv.so.2
-rwxr-xr-x 1 root other 70260 Jan 21 18:56 libsocket.so.1
./usr/share:
total 2
drwxr-xr-x 3 root other 512 Jan 21 19:08 lib
./usr/share/lib:
total 2
drwxr-xr-x 3 root other 512 Jan 21 19:08 zoneinfo
./usr/share/lib/zoneinfo:
total 2
drwxr-xr-x 2 root other 512 Jan 21 19:09 Australia
./usr/share/lib/zoneinfo/Australia:
total 22
-rw-r--r-- 1 root other 785 Jan 21 19:09 ACT
-rw-r--r-- 1 root other 785 Jan 21 19:09 Broken_Hill
-rw-r--r-- 1 root other 663 Jan 21 19:09 LHI
-rw-r--r-- 1 root other 785 Jan 21 19:09 NSW
-rw-r--r-- 1 root other 104 Jan 21 19:09 North
-rw-r--r-- 1 root other 160 Jan 21 19:09 Queensland
-rw-r--r-- 1 root other 785 Jan 21 19:09 South
-rw-r--r-- 1 root other 825 Jan 21 19:09 Tasmania
-rw-r--r-- 1 root other 785 Jan 21 19:09 Victoria
-rw-r--r-- 1 root other 150 Jan 21 19:09 West
-rw-r--r-- 1 root other 785 Jan 21 19:09 Yancowinna
./var:
total 4
drwxr-xr-x 2 www www 512 Jan 21 19:44 log
drwxr-xr-x 2 root other 512 Jan 21 18:57 www
./var/log:
total 4
-rw-r--r-- 1 root other 202 Jan 21 19:47 access_log
-rw-r--r-- 1 root other 590 Jan 21 19:49 error_log
./var/www:
total 0

Note, your boa binary should be kept outside of the chroot jail as
it is not required there.

The commandline issued to boa requires "-r /var/www" which tells
boa to chroot to /var/www before it does anything else, including
reading its configuration file.
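
The following is an added example, not part of the original README or of Boa: a POSIX shell function that audits a jail directory against the minimum layout in the ls -lR listing above and confirms the boa binary is not inside it. The name check_jail, the variable names and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original README. Audits a jail directory
# against the minimum layout in the ls -lR listing. Names are assumptions.

# Paths are relative to the jail root (/var/www in this README).
REQUIRED_FILES="etc/TIMEZONE etc/hosts etc/netconfig etc/nsswitch.conf
etc/passwd etc/resolv.conf etc/boa/boa.conf opt/boa/mime.types
usr/bin/boa_indexer usr/lib/ld.so.1 usr/lib/libc.so.1 usr/lib/libdl.so.1
usr/lib/libmp.so.2 usr/lib/libnsl.so.1 usr/lib/libresolv.so.2
usr/lib/libsocket.so.1"
REQUIRED_DEVS="dev/null dev/udp"
REQUIRED_DIRS="var/log var/www usr/share/lib/zoneinfo"

# Prints one line per finding; exit status is the number of findings.
check_jail() {
    jail=$1
    problems=0
    for f in $REQUIRED_FILES; do
        [ -f "$jail/$f" ] || { echo "missing file: $f"; problems=$((problems + 1)); }
    done
    for d in $REQUIRED_DEVS; do
        [ -c "$jail/$d" ] || { echo "missing device: $d"; problems=$((problems + 1)); }
    done
    for d in $REQUIRED_DIRS; do
        [ -d "$jail/$d" ] || { echo "missing directory: $d"; problems=$((problems + 1)); }
    done
    # The README keeps the boa binary outside the jail; etc/boa and opt/boa
    # are directories, so only a regular file named "boa" is flagged.
    for b in $(find "$jail" -type f -name boa 2>/dev/null); do
        echo "boa binary inside jail: $b"; problems=$((problems + 1))
    done
    # Extra check added here: no regular file in the listing is writable by
    # "other", so a world-writable file is reported as drift.
    for w in $(find "$jail" -type f -perm -002 2>/dev/null); do
        echo "world-writable file: $w"; problems=$((problems + 1))
    done
    return "$problems"
}

# Usage: sh check_jail.sh /var/www
if [ $# -gt 0 ]; then
    check_jail "$1"
fi
```

Run it as root against the jail directory before starting boa with "-r"; an exit status of 0 means every path from the listing is present.
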
That's all that's required. Start your new chrooting boa up and enjoy!