Using chroot in NetBSD
Let's go through the steps to create a working chroot, testing at each
step. Suppose we want to run the program hello in the chroot directory.
First, create the directory we are going to use as the alternate
root and copy the program:
mkdir /usr/ftp
mkdir /usr/ftp/bin
cp hello /usr/ftp/bin
Now try the chroot command:
chroot /usr/ftp hello
Hello,world
This worked only because hello was statically linked - it didn't require
any libraries. If chroot is given only one argument it tries to run the
default shell. We can provide the shell:
cp /bin/sh /usr/ftp/bin
mkdir /usr/ftp/etc
cp /etc/shells /usr/ftp/etc
and try chroot again:
chroot /usr/ftp
/bin/sh not found
Since sh is manifestly in the right place, what is the problem? sh is
dynamically linked, and requires libraries. The error message is only
there to mislead you. We can find the required libraries with:
ldd /bin/sh
Now copy those libraries to the alternate root:
mkdir /usr/ftp/lib
cp
and test chroot again:
$ chroot /usr/ftp
$ ls
etc bin lib
This
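
The ldd-and-copy step above can be scripted. The following is an added example, not part of the original page: it parses ldd output and copies each library to the same path under the alternate root. The function names, the sample ldd output and the /libexec/ld.elf_so path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): fill an alternate root with the
# shared libraries that ldd reports for a dynamically linked program.

# Constructed sample of NetBSD-style ldd output, not captured from a real host.
SAMPLE_LDD='/bin/sh:
	-ledit.3 => /lib/libedit.so.3
	-lterminfo.2 => /lib/libterminfo.so.2
	-lc.12 => /lib/libc.so.12
	-lmissing.1 => not found'

# ldd_paths: read ldd output on stdin, print each absolute library path once.
# Takes the token after "=>", so "-lc.12 => /lib/libc.so.12" and
# "libc.so.6 => /lib/libc.so.6 (0x...)" both parse; "not found" is skipped.
ldd_paths() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "=>" && $(i + 1) ~ /^\//) print $(i + 1) }' | sort -u
}

# copy_into_root ROOT FILE...: copy each FILE to the same path below ROOT,
# creating parent directories. Fails on the first missing file so a
# half-populated root is noticed immediately.
copy_into_root() {
    root=$1; shift
    for f in "$@"; do
        [ -e "$f" ] || { echo "missing: $f" >&2; return 1; }
        mkdir -p "$root$(dirname "$f")" || return 1
        cp -p "$f" "$root$f" || return 1
    done
}

# populate_chroot ROOT PROGRAM [EXTRA...]: copy PROGRAM, its libraries and any
# EXTRA files (for example the runtime linker, which ldd may not list).
# Library paths are assumed to contain no whitespace.
populate_chroot() {
    root_dir=$1 prog=$2; shift 2
    libs=$(ldd "$prog" | ldd_paths) || return 1
    copy_into_root "$root_dir" "$prog" $libs "$@"
}

# Usage on the page's layout (the ld.elf_so path is an assumption):
#   populate_chroot /usr/ftp /bin/sh /libexec/ld.elf_so
```
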
Running tnftpd with chroot
Compile and install tnftpd:
cd /usr/pkgsrc/network/tnftpd
make
make install
Modify inetd.conf so that the ftpd executable is given as
/usr/pkg/bin/ftpd rather than as /bin/ftpd.
In /usr/pkg/etc, modify ftpd.conf according to the documentation. At the
very least you have to add a chroot command, possibly with arguments. If
you will be using other ftp configuration files, such as ftpusers, the
relevant ones will live in this directory, not in the alternate root.
cp /etc/passwd /usr/ftp/passw
Daniel Feenberg
NBER