To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.
Chroot: Difference between revisions
>Juvenal m fix error in command specified to copy executables to chroot |
Update to latest version provided by archive.org |
||
| Line 1: | Line 1: | ||
{{ambox|type= | {{ambox|type=speedy|text= | ||
This tutorial and the script are intended for '''advanced users''' only who actually know what '''chroot''' does! | This tutorial and the script are intended for '''advanced users''' only who actually know what '''chroot''' does! | ||
}} | }} | ||
| Line 94: | Line 94: | ||
And stop it with: | And stop it with: | ||
start-stop-daemon --chroot /var/chroot/ --chuid bouncer:bouncer --stop --exec /usr/local/bin/znc | start-stop-daemon --chroot /var/chroot/ --chuid bouncer:bouncer --stop --exec /usr/local/bin/znc | ||
Latest revision as of 20:00, 31 March 2017
 |
This tutorial and the script are intended for advanced users only who actually know what chroot does! |
 |
Alternativly you can test this script which will download the latest nightly and help you setting it up to run chrooted. |
This article describes how to run ZNC in a chroot-environment on Debian.
1. Compile and install ZNC normally.
Details: Installation
2. Add a new user for ZNC
Example: bouncer
adduser bouncer
3. Login as "bouncer" and configure ZNC normally for this user.
Details: Configuration
4. Change back to "root" and create a directory for the chroot environment.
Example: /var/chroot/
mkdir /var/chroot
5. Create the following subdirectories:
/var/chroot/ +
etc/ dev/ usr/ usr/lib/ usr/local/share usr/local/bin usr/local/lib lib/ home/ home/bouncer
6. Change into the newly created "home"-directory and run:
chown bouncer:bouncer bouncer
7. Change into the newly created "dev"-directory and run:
mknod -m 644 random c 1 8 mknod -m 644 urandom c 1 9 mknod -m 666 null c 1 3
8. Run "ldd znc" to get the names of the needed libs.
Example:
linux-gate.so.1 => () libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 () libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 () libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.so.0.9.8 () libstdc++.so.6 => /usr/lib/libstdc++.so.6 () libm.so.6 => /lib/tls/i686/cmov/libm.so.6 () libgcc_s.so.1 => /lib/libgcc_s.so.1 () libc.so.6 => /lib/tls/i686/cmov/libc.so.6 () /lib/ld-linux.so.2 () libz.so.1 => /usr/lib/libz.so.1 ()
9. Copy all needed files.
cp /lib/mylibname /var/chroot/lib/ cp /usr/lib/mylibname /var/chroot/usr/lib/
Be sure that you missed no file!
10. You need to copy the following files to get DNS working.
/etc/hosts /etc/resolv.conf /lib/libnss_dns.so.2 (May also be somewhere else, ask locate) /lib/libresolv.so.2 (May also be somewhere else, ask locate)
11. Copy ZNC files.
cp /usr/local/bin/znc* /var/chroot/usr/local/bin/ cp -r /usr/local/share/znc /var/chroot/usr/local/share/ cp -r /usr/local/lib/znc /var/chroot/usr/local/lib/
12. Change to "bouncer" user and copy config files.
cp -r /home/bouncer/.znc /var/chroot/home/bouncer/
13. Change to "root" user.
You now can start ZNC with:
start-stop-daemon --chroot /var/chroot/ --chuid bouncer:bouncer --start --exec /usr/local/bin/znc
And stop it with:
start-stop-daemon --chroot /var/chroot/ --chuid bouncer:bouncer --stop --exec /usr/local/bin/znc