Tiny Core Linux

Tiny Core Base => TCB Talk => Topic started by: halma on April 05, 2020, 03:10:23 PM

Title: chroot documentation, what i need to read ?
Post by: halma on April 05, 2020, 03:10:23 PM

Hi,

i want to run Bftpd into a chroot envoirement in Tinycore x64, at the moment i dont know howto setup a correctly and secure chroot envoirement for Bftpd in Tinycorelinux.
Tinycore is based on busybox so i think the correct way for learning how chroot works i need to read the man pages, docs of busybox for chroot ? Is that correct ?

Thanks

Title: Re: chroot documentation, what i need to read ?
Post by: Rich on April 05, 2020, 10:54:30 PM

Hi halma
There's the busybox version:

Code: [Select]

tc@E310:~/C_Programs/ImageEdge$ busybox chroot --help
BusyBox v1.29.3 (2018-12-19 15:29:37 UTC) multi-call binary.

Usage: chroot NEWROOT [PROG ARGS]

Run PROG with root directory set to NEWROOT
tc@E310:~/C_Programs/ImageEdge$
Then there's the GNU version included in  coreutils.tcz  which has additional options:

Code: [Select]

tc@E310:~/C_Programs/ImageEdge$ chroot --help
Usage: chroot [OPTION] NEWROOT [COMMAND [ARG]...]
  or:  chroot OPTION
Run COMMAND with root directory set to NEWROOT.

  --groups=G_LIST        specify supplementary groups as g1,g2,..,gN
  --userspec=USER:GROUP  specify user and group (ID or name) to use
  --skip-chdir           do not change working directory to '/'
      --help     display this help and exit
      --version  output version information and exit

If no command is given, run '"$SHELL" -i' (default: '/bin/sh -i').

GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report chroot translation bugs to <https://translationproject.org/team/>
Full documentation at: <https://www.gnu.org/software/coreutils/chroot>
or available locally via: info '(coreutils) chroot invocation'
tc@E310:~/C_Programs/ImageEdge$
Maybe this is of interest:
https://www.gnu.org/software/coreutils/manual/html_node/chroot-invocation.html#chroot-invocation

Title: Re: chroot documentation, what i need to read ?
Post by: halma on April 06, 2020, 01:05:33 PM

Hi Rich,

thanks for your answer, would it be enough to run Bftpd with the chroot command like this :

Code: [Select]

chroot /my/chrootdir bftpd -d -c bftpd.conf
or do i need to create the chroot directory structur and copy needed files also too there ?

Code: [Select]

mkdir -pv dev/pts proc etc lib usr/lib var/run var/log ... copying /etc/passwd/groups.... and also copy shared libs
Thanks a lot

Title: Re: chroot documentation, what i need to read ?
Post by: Rich on April 06, 2020, 01:19:07 PM

Hi halma
I've never used  chroot,  but since it's meant to prevent access outside of the  chrooted  directory, I would think you need to
have copies of required libraries, programs, etc. in that directory. That directory would therefore also need to exist in advance.

If you search for something like:

Code: [Select]

linux chroot examplesyou'll probably find better advice than I can offer.

Title: Re: chroot documentation, what i need to read ?
Post by: Rich on April 06, 2020, 01:29:11 PM

Hi halma
Maybe you can adapt these instructions to your needs:
https://docs.oracle.com/html/E36387_02/ol_cj_sec.html

Title: Re: chroot documentation, what i need to read ?
Post by: Juanito on April 06, 2020, 01:48:41 PM

You could also look at linuxfromscratch to see how they construct a changeroot environment.