FSTAB - how to mount folders and devices into chroot environment
I've got a question about fstab. I would like to automatically mount /dev, devpts, /proc and tmpfs into my chroot directory, but I don't know how to do that. Whenever I reboot my machine, I have to mount them manually. Does anyone have a solution for that? For example, I want to automount /dev into /lala/la2/chroot from fstab. I know how to do that manually from the command prompt, but I don't understand what it should look like in fstab.
Also I would like to automount my vsftpd users into virtualhosts from my fstab. My vsftpd users are in /home/user_name/ but my virtualhosts are (let's say) in /somecatalog/something/subdomain.domain.com. My friend told me that it's a safer way than making symlinks into those folders. Anyone got any clue?
Oh, and /home/user_name/ and /somecatalog/something/subdomain.domain.com are both located inside the chroot environment /lala/la2/chroot, so for example the virtualhost is inside: /lala/la2/chroot/somecatalog/something/subdomain.domain.com
This is exactly how it looks on my server right now:
Code:
/dev/mapper/vg_xxxx-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev on /some/something/chroot/dev type devpts (rw,gid=5,mode=620)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev on /some/something/chroot/dev type none (rw,bind)
/dev/pts on /some/something/chroot/dev/pts type none (rw,bind)
tmpfs on /dev/shm type tmpfs (rw)
proc on /some/something/chroot/proc type proc (rw)
Please note that I would also like to mount automatically by using fstab what I've said above before the code quote. I also have to mount catalogs from /home/username/ into the jailed apache/virtualhost directory.
Do NOT put native /dev, /proc etc... in your chroot environment. The reason for a chroot is to protect the rest of your system from the chroot'ed user when it logs in. If the real /dev, /proc are mounted into the chroot environment then the chroot'ed user can play havoc with your system. Instead you should create directories and put any needed files (and ONLY the needed files) into those directories.
I'm not an experienced enough user to do such things. That's why I decided to mount it, and besides that, some services would have problems working properly without mounting /dev and /proc. For example, screen requires both of them to be mounted. I will try it, though, and see if it works the way you said. But it's still not resolving my problem with ftp users and virtual hosts, unfortunately.
screen does not "require" /dev and /proc to be "mounted". It MAY require certain components to be there and if so you'd need to:
1) Determine which components.
2) Put COPIES of those components there rather than the originals.
Did you look at the link I sent you? Have you tried adding a dev subdirectory under the chroot? What errors do you get on trying to invoke the screen utility? Have you copied the binary into the chroot or did you foolishly mount /bin there as well?
You ARE being helped because I'm explaining why mounting filesystems to chroot is the same as NOT having a chroot in the first place as you open yourself up to the very security issues that chroot is intended to mitigate. Teaching you how to shoot yourself in the foot even if that is what you want is NOT helpful.
I'd suggest you do a web search for "chroot tutorial" and read a few of the ones you find so you have a better understanding of the security implications of what you're asking.
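An added example, not part of any post in this thread: a shell function that reads mount output in the format shown in the first post and lists the mount points under a chroot that expose the host's /dev, /proc or /sys, which is the condition the replies warn about. The function names, the one constructed benign bind line (/srv/data) and the assumption that paths contain no spaces belong to this example, not to the thread.

```shell
#!/bin/sh
# Added example: audit `mount` output for host kernel/device filesystems
# exposed below a chroot root. Assumes the "SRC on TARGET type FSTYPE (OPTS)"
# format shown in the first post and paths without spaces.

# audit_chroot_mounts CHROOT_ROOT  (reads mount lines on stdin)
# Prints "TARGET<TAB>reason" for every risky mount point under CHROOT_ROOT.
audit_chroot_mounts() {
    awk -v root="${1%/}" '
    $2 == "on" && $4 == "type" {
        src = $1; target = $3; fstype = $5; opts = $6
        # Only mount points strictly below the chroot root matter here.
        if (index(target, root "/") != 1) next
        reason = ""
        # A live proc/sysfs/devpts/devtmpfs instance inside the jail.
        if (fstype ~ /^(proc|sysfs|devpts|devtmpfs)$/)
            reason = "host " fstype " instance"
        # A bind mount whose source is the host /dev, /proc or /sys tree.
        else if (opts ~ /[(,]bind[,)]/ && src ~ /^\/(dev|proc|sys)(\/|$)/)
            reason = "bind of host " src
        if (reason != "") printf "%s\t%s\n", target, reason
    }'
}

# Sample input: lines from the first post, plus one constructed benign bind
# (/srv/data) that must not be reported.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg_xxxx-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev on /some/something/chroot/dev type devpts (rw,gid=5,mode=620)
/dev on /some/something/chroot/dev type none (rw,bind)
/dev/pts on /some/something/chroot/dev/pts type none (rw,bind)
proc on /some/something/chroot/proc type proc (rw)
/srv/data on /some/something/chroot/data type none (rw,bind)
EOF
}

sample_mounts | audit_chroot_mounts /some/something/chroot
```

On a live system the same check is `mount | audit_chroot_mounts /lala/la2/chroot`; an empty result means none of these host filesystems are visible inside the jail.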