Tiny Core Linux
Tiny Core Base => TCB Talk => Topic started by: halma on April 05, 2020, 03:10:23 PM
-
Hi,
i want to run Bftpd into a chroot envoirement in Tinycore x64, at the moment i dont know howto setup a correctly and secure chroot envoirement for Bftpd in Tinycorelinux.
Tinycore is based on busybox so i think the correct way for learning how chroot works i need to read the man pages, docs of busybox for chroot ? Is that correct ?
Thanks
-
Hi halma
There's the busybox version:
tc@E310:~/C_Programs/ImageEdge$ busybox chroot --help
BusyBox v1.29.3 (2018-12-19 15:29:37 UTC) multi-call binary.
Usage: chroot NEWROOT [PROG ARGS]
Run PROG with root directory set to NEWROOT
tc@E310:~/C_Programs/ImageEdge$
Then there's the GNU version included in coreutils.tcz which has additional options:
tc@E310:~/C_Programs/ImageEdge$ chroot --help
Usage: chroot [OPTION] NEWROOT [COMMAND [ARG]...]
or: chroot OPTION
Run COMMAND with root directory set to NEWROOT.
--groups=G_LIST specify supplementary groups as g1,g2,..,gN
--userspec=USER:GROUP specify user and group (ID or name) to use
--skip-chdir do not change working directory to '/'
--help display this help and exit
--version output version information and exit
If no command is given, run '"$SHELL" -i' (default: '/bin/sh -i').
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report chroot translation bugs to <https://translationproject.org/team/>
Full documentation at: <https://www.gnu.org/software/coreutils/chroot>
or available locally via: info '(coreutils) chroot invocation'
tc@E310:~/C_Programs/ImageEdge$
Maybe this is of interest:
https://www.gnu.org/software/coreutils/manual/html_node/chroot-invocation.html#chroot-invocation
-
Hi Rich,
thanks for your answer, would it be enough to run Bftpd with the chroot command like this :
chroot /my/chrootdir bftpd -d -c bftpd.conf
or do i need to create the chroot directory structur and copy needed files also too there ?
mkdir -pv dev/pts proc etc lib usr/lib var/run var/log ... copying /etc/passwd/groups.... and also copy shared libs
Thanks a lot
-
Hi halma
I've never used chroot, but since it's meant to prevent access outside of the chrooted directory, I would think you need to
have copies of required libraries, programs, etc. in that directory. That directory would therefore also need to exist in advance.
If you search for something like:
linux chroot examples
you'll probably find better advice than I can offer.
-
Hi halma
Maybe you can adapt these instructions to your needs:
https://docs.oracle.com/html/E36387_02/ol_cj_sec.html
-
You could also look at linuxfromscratch to see how they construct a changeroot environment.