home 
wiki
wiki
Spelling: DebianChrootHowto
* Introduction [1]
* Planning [2]
* Goals [3]
* Layout [4]
* Starting out [5]
* Create the host directory [6]
* Install debootstrap [7]
* Install the base system [8]
* Using your chroot jail [9]
* Root shell [10]
* Upgrading to Debian testing [11]
* apt-get for beginners [12]
* Installing software [13]
* Webserver [14]
* System administration [15]
* Adding user accounts [16]
-------------------------
INTRODUCTION
Perhaps you want to test the latest bleeding-edge release of the
Apache [17] webserver. Or maybe you would like to let some friends
host a website on your production system without letting them near
your pristine configuration. Maybe you are paranoid and like to keep
each application seperate from each other to minimise potential
security problems. Whatever your intentions for setting up a _chroot
jail_, the last thing you need is to spend hours configuring each
jailed environment. Enter debootstrap to create a Debian [18] chroot
jail - all the power and ease of Debian [19] in the secure jail you
demand!
-------------------------
PLANNING
You need to have a clear idea of what you intend on achieving before
you begin. This example will focus on running a webserver from the
Debian [20] distribution, to be administered by a friend who we don't
trust enough to have an account on the host system.
GOALS
Our goals for the purpose of this example will be to:
* Install and configure a webserver with supporting software (PHP
[21], MySQL [22])
* Install supporting services to allow maintenance by our friend
(SSH [23], WebDav [24]).
LAYOUT
Layout on the host system is non-consequental for operation of the
jail, but careful planning will save you effort in the long-term. It
makes sense to keep things laid out in a logical manner by keeping
like things together. The basic purpose of chroot is to provide a
filesystem sandbox, that is to remap one directory to be the root
directory (/) for the chroot'ed program.
To this end, I suggest you keep all chroot'ed jail directories in a
common location. I like to use /CHROOT/__/ where _systemname_ is a
basic description of what the chroot jail is for.
-------------------------
STARTING OUT
CREATE THE HOST DIRECTORY
mkdir -p /chroot/webserver
INSTALL DEBOOTSTRAP
apt-get install debootstrap / up2date install debootstrap / ...
INSTALL THE BASE SYSTEM
debootstrap --arch i386 woody /chroot/webserver
-------------------------
USING YOUR CHROOT JAIL
ROOT SHELL
chroot /chroot/webserver /bin/bash chroot /chroot/webserver su -
-------------------------
UPGRADING TO DEBIAN TESTING
APT-GET FOR BEGINNERS
vi /etc/apt/sources.list apt-get update apt-get dist-upgrade
-------------------------
INSTALLING SOFTWARE
WEBSERVER
apt-get install apache php4 mysql-server
SYSTEM ADMINISTRATION
apt-get install ssh vi /etc/ssh/sshd_config /etc/init.d/ssh restart
ADDING USER ACCOUNTS
vi /etc/adduser.conf adduser bob su - bob usermod -G www-data bob
adduser sally usermod -G www-data sally ...
-------------------------
Bother! I'm due to go out 30 minutes ago, and this is nowhere near
finished! Check back soon to see the rest of the howto... untill then,
adios! -- TysonClugg [25].
Links:
------
[1] http://melbournewireless.org.au/#introduction
[2] http://melbournewireless.org.au/#planning
[3] http://melbournewireless.org.au/#goals
[4] http://melbournewireless.org.au/#layout
[5] http://melbournewireless.org.au/#starting_out
[6] http://melbournewireless.org.au/#create_the_host_directory
[7] http://melbournewireless.org.au/#install_debootstrap
[8] http://melbournewireless.org.au/#install_the_base_system
[9] http://melbournewireless.org.au/#using_your_chroot_jail
[10] http://melbournewireless.org.au/#root_shell
[11] http://melbournewireless.org.au/#upgrading_to_debian_testing
[12] http://melbournewireless.org.au/#apt_get_for_beginners
[13] http://melbournewireless.org.au/#installing_software
[14] http://melbournewireless.org.au/#webserver
[15] http://melbournewireless.org.au/#system_administration
[16] http://melbournewireless.org.au/#adding_user_accounts
[17] http://melbournewireless.org.au/?Apache
[18] http://melbournewireless.org.au/?Debian
[19] http://melbournewireless.org.au/?Debian
[20] http://melbournewireless.org.au/?Debian
[21] http://melbournewireless.org.au/?PHP
[22] http://melbournewireless.org.au/?MySQL
[23] http://melbournewireless.org.au/?SSH
[24] http://melbournewireless.org.au/?WebDav
[25] http://melbournewireless.org.au/?TysonClugg
[EditText] [Spelling] [Current] [Raw] [Code] [Diff] [Subscribe] [VersionHistory] [Revert] [Delete] [RecentChanges]