LinuxQuestions.org
Old 04-11-2012, 01:26 AM   #1
Gruszka1
LQ Newbie
 
Registered: Apr 2012
Posts: 6

Rep: Reputation: Disabled
FSTAB - how to mount folders and devices into chroot environment


I've got a question about fstab. I would like to automatically mount /dev, devpts, /proc and tmpfs into my chroot directory, but I don't know how to do that. Whenever I reboot my machine, I have to mount them manually. Does anyone have a solution for that? For example, I want to automount /dev into /lala/la2/chroot from fstab. I know how to do that manually from the command prompt, but I don't understand how it should look using fstab. I would also like to automount my vsftpd users into virtualhosts from fstab. My vsftpd users are in /home/user_name/ but my virtualhosts are (let's say) in /somecatalog/something/subdomain.domain.com. My friend told me that it's a safer way than making symlinks into those folders. Has anyone got a clue? Oh, and /home/user_name/ and /somecatalog/something/subdomain.domain.com are both located inside the chroot environment /lala/la2/chroot, so for example the virtualhost is inside: /lala/la2/chroot/somecatalog/something/subdomain.domain.com


This is how it exactly looks on my server right now:

Code:
/dev/mapper/vg_xxxx-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev on /some/something/chroot/dev type devpts (rw,gid=5,mode=620)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev on /some/something/chroot/dev type none (rw,bind)
/dev/pts on /some/something/chroot/dev/pts type none (rw,bind)
tmpfs on /dev/shm type tmpfs (rw)
proc on /some/something/chroot/proc type proc (rw)
Please note that I would also like to mount automatically by using fstab what I've said above before the code quote. I also have to mount catalogs from /home/username/ into the jailed apache/virtualhost directory.
 
Old 04-11-2012, 08:14 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,713
Blog Entries: 14

Rep: Reputation: 1038
Do NOT put native /dev, /proc etc... in your chroot environment. The reason for a chroot is to protect the rest of your system from the chroot'ed user when it logs in. If the real /dev, /proc are mounted into the chroot environment then the chroot'ed user can play havoc with your system. Instead you should create directories and put any needed files (and ONLY the needed files) into those directories.

For example doing this BIND (named) chroot shows creating /dev/null and /dev/random:
http://tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html
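
Added example, not part of the post above or of the linked HOWTO: a sketch of the "only the needed files" approach. `plan_min_dev` prints the commands (to be run as root) that create private `null` and `random` nodes, and `audit_dev` reports any other name found under the chroot's `dev/`. The function names and the allowlist are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): private device nodes for a chroot
# instead of a bind mount of the host /dev.
# Assumption: the service needs only null and random, the two nodes named above.
# Linux character-device numbers: null = 1,3   random = 1,8
ALLOWED_NODES="null random"

# Print the commands (to be run as root) that create the minimal dev/ under $1.
plan_min_dev() {
    root=${1%/}
    case $root in
        /?*) ;;
        *) echo "need an absolute chroot path other than /" >&2; return 1 ;;
    esac
    echo "mkdir -p $root/dev"
    echo "mknod -m 666 $root/dev/null c 1 3"
    echo "mknod -m 666 $root/dev/random c 1 8"
}

# List every entry under $1/dev whose name is not on the allowlist.
# Checks names only, not node types. Prints nothing and returns 0 when
# dev/ holds nothing but the allowed names; returns 1 otherwise.
audit_dev() {
    root=${1%/}
    extra=0
    for entry in "$root"/dev/* "$root"/dev/.[!.]*; do
        # Skip glob patterns that matched nothing.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        case " $ALLOWED_NODES " in
            *" $name "*) ;;
            *) echo "unexpected: dev/$name"; extra=1 ;;
        esac
    done
    return $extra
}
```
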
 
Old 04-11-2012, 06:16 PM   #3
Gruszka1
LQ Newbie
 
Registered: Apr 2012
Posts: 6

Original Poster
Rep: Reputation: Disabled
I'm not an experienced enough user to do such things. That's why I decided to mount it, and besides that, some services would have problems working properly without mounting /dev and /proc. For example, screen requires both of them to be mounted. I will try it, though, and see if it works the way you said. But it still doesn't resolve my problem with ftp users and virtual hosts, unfortunately.

Thanks for advice.
 
Old 04-13-2012, 01:41 AM   #4
Gruszka1
LQ Newbie
 
Registered: Apr 2012
Posts: 6

Original Poster
Rep: Reputation: Disabled
Does no one really want to help me with my problem?
 
Old 04-13-2012, 08:07 AM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,713
Blog Entries: 14

Rep: Reputation: 1038
screen does not "require" /dev and /proc to be "mounted". It MAY require certain components to be there and if so you'd need to:
1) Determine which components.
2) Put COPIES of those components there rather than the originals.

Did you look at the link I sent you? Have you tried adding a dev subdirectory under the chroot? What errors do you get on trying to invoke the screen utility? Have you copied the binary into the chroot or did you foolishly mount /bin there as well?

You ARE being helped because I'm explaining why mounting filesystems to chroot is the same as NOT having a chroot in the first place as you open yourself up to the very security issues that chroot is intended to mitigate. Teaching you how to shoot yourself in the foot even if that is what you want is NOT helpful.

I'd suggest you do a web search for "chroot tutorial" and read a few of the ones you find so you have a better understanding of the security implications of what you're asking.
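
Added example, not part of the post above: a check that reads `mount`-style output and lists every bind mount or kernel pseudo-filesystem that lands below a chroot root, which is the exposure this thread is about. The function names are assumptions; the sample lines are copied from the mount listing in post #1.

```sh
#!/bin/sh
# Added example (not from the thread): flag host filesystems exposed in a chroot.
# Reads `mount`-style lines ("SRC on TARGET type FSTYPE (OPTS)") on stdin and
# prints every mount below the chroot root $1 that is a bind mount or a
# kernel pseudo-filesystem (proc, sysfs, devpts, devtmpfs).
# Assumption: paths contain no spaces.
find_exposed_mounts() {
    awk -v root="${1%/}" '
        $2 == "on" && $4 == "type" {
            target = $3; fstype = $5; opts = $6
            if (index(target, root "/") != 1) next   # target is outside the chroot
            gsub(/[()]/, "", opts)
            bind = (("," opts ",") ~ /,bind,/)
            pseudo = (fstype ~ /^(proc|sysfs|devpts|devtmpfs)$/)
            if (bind || pseudo)
                printf "%s -> %s (%s)\n", $1, target, (bind ? "bind" : fstype)
        }'
}

# Sample input: lines copied from the mount listing in post #1.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg_xxxx-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev on /some/something/chroot/dev type devpts (rw,gid=5,mode=620)
/dev on /some/something/chroot/dev type none (rw,bind)
/dev/pts on /some/something/chroot/dev/pts type none (rw,bind)
proc on /some/something/chroot/proc type proc (rw)
EOF
}
```

On a live system the same function can be fed the real table with `mount | find_exposed_mounts /some/something/chroot`; an empty result means nothing from the host is mounted into that tree.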
 
  

