* [#introduction Introduction] * [#planning Planning] ** [#goals Goals] ** [#layout Layout] * [#starting_out Starting out] ** [#create_the_host_directory Create the host directory] ** [#install_debootstrap Install debootstrap] ** [#install_the_base_system Install the base system] * [#using_your_chroot_jail Using your chroot jail] ** [#root_shell Root shell] * [#upgrading_to_debian_testing Upgrading to Debian testing] ** [#apt_get_for_beginners apt-get for beginners] * [#installing_software Installing software] ** [#webserver Webserver] ** [#system_administration System administration] ** [#adding_user_accounts Adding user accounts] ---- ! Introduction Perhaps you want to test the latest bleeding-edge release of the [Apache] webserver. Or maybe you would like to let some friends host a website on your production system without letting them near your pristine configuration. Maybe you are paranoid and like to keep each application seperate from each other to minimise potential security problems. Whatever your intentions for setting up a ''chroot jail'', the last thing you need is to spend hours configuring each jailed environment. Enter debootstrap to create a [Debian] chroot jail - all the power and ease of [Debian] in the secure jail you demand! ---- ! Planning You need to have a clear idea of what you intend on achieving before you begin. This example will focus on running a webserver from the [Debian] distribution, to be administered by a friend who we don't trust enough to have an account on the host system. !! Goals Our goals for the purpose of this example will be to: * Install and configure a webserver with supporting software ([PHP], MySQL) * Install supporting services to allow maintenance by our friend ([SSH], WebDav). !! Layout Layout on the host system is non-consequental for operation of the jail, but careful planning will save you effort in the long-term. It makes sense to keep things laid out in a logical manner by keeping like things together. The basic purpose of chroot is to provide a filesystem sandbox, that is to remap one directory to be the root directory (/) for the chroot'ed program. To this end, I suggest you keep all chroot'ed jail directories in a common location. I like to use '''/chroot/''''/''' where ''systemname'' is a basic description of what the chroot jail is for. ---- ! Starting out !! Create the host directory mkdir -p /chroot/webserver !! Install debootstrap apt-get install debootstrap / up2date install debootstrap / ... !! Install the base system debootstrap --arch i386 woody /chroot/webserver ---- ! Using your chroot jail !! Root shell chroot /chroot/webserver /bin/bash chroot /chroot/webserver su - ---- ! Upgrading to Debian testing !! apt-get for beginners vi /etc/apt/sources.list apt-get update apt-get dist-upgrade ---- ! Installing software !! Webserver apt-get install apache php4 mysql-server !! System administration apt-get install ssh vi /etc/ssh/sshd_config /etc/init.d/ssh restart !! Adding user accounts vi /etc/adduser.conf adduser bob su - bob usermod -G www-data bob adduser sally usermod -G www-data sally ... ---- >>> Bother! I'm due to go out 30 minutes ago, and this is nowhere near finished! Check back soon to see the rest of the howto... untill then, adios! -- TysonClugg.