
Chroot


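# Build a chroot jail under /git for SSH/SFTP/git users and confine members of
# group "dev" to it through sshd's ChrootDirectory. Run every command as root.

# Jail skeleton. The brace list must be attached to /git (no space), otherwise
# the directories are created relative to the current directory. usr/bin is
# listed because binaries are copied into it below.
mkdir -p /git/{dev,etc,lib,usr,bin,usr/bin,usr/sbin,usr/libexec/openssh}

# Minimal character devices: null is 1,3 and zero is 1,5.
mknod /git/dev/null c 1 3
mknod /git/dev/zero c 1 5

# Resolver and dynamic-linker configuration. passwd and group are not copied
# wholesale here; filtered copies are written further down, so the jail never
# holds the host's full account list.
cp /etc/ld.so.cache /git/etc/
cp /etc/ld.so.conf /git/etc/
cp /etc/nsswitch.conf /git/etc/
cp /etc/hosts /git/etc/
cp /etc/resolv.conf /git/etc/

# Binaries available inside the jail.
# NOTE(review): the ssh, scp and sftp clients let a jailed user open outbound
# connections from this host; copy only the ones the jail really needs.
cp /usr/bin/scp /git/usr/bin/
cp /usr/bin/ssh /git/usr/bin/
cp /usr/bin/sftp /git/usr/bin/
cp /usr/bin/git /git/usr/bin/
cp -p /bin/bash /git/bin/
cp /usr/libexec/openssh/sftp-server /git/usr/libexec/openssh/

# Helper used below to populate the jail for each binary; the sed rewrites its
# "webroot" references to "git" (presumably its jail base path - confirm in
# the downloaded file).
# NOTE(review): the helper is fetched over plain HTTP and then installed as a
# root-run executable in /sbin. Read l2chroot.txt (and compare it against a
# checksum if the publisher provides one) before installing it.
cd ~
wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
sed 's/webroot/git/g' l2chroot.txt > /sbin/l2chroot
chmod +x /sbin/l2chroot
l2chroot /usr/bin/scp
l2chroot /usr/bin/ssh
l2chroot /usr/bin/sftp
l2chroot /usr/bin/git
l2chroot /bin/bash
l2chroot /usr/libexec/openssh/sftp-server

# Ownership and modes of the jail tree.
# NOTE(review): bin and etc end up root:root mode 700 and /git itself
# root:root mode 750, while usr, lib and dev are opened to group "users"
# although the sshd Match block keys on group "dev". A non-root jailed user
# may therefore be unable to traverse the jail root, run /bin/bash or read
# /etc/passwd. sshd requires the ChrootDirectory path to be root-owned and not
# writable by group or others; confirm with a test login that these modes are
# not tighter than the jail can work with.
cd /git
chmod -R 700 /git/bin
chmod -R 750 /git/dev
chmod -R 700 /git/etc
chmod -R 750 /git/lib
chmod -R 750 /git/usr
chown -R root:users /git/usr
chown -R root:users /git/lib
chown -R root:users /git/dev
chown -R root:root /git/etc
chown -R root:root /git/bin
chmod 0666 /git/dev/{null,zero}

# Filtered account databases: keep only lines holding a numeric field in
# 500-599 (passwd) or in 500-599 / 1000-1999 (group). The patterns match any
# colon-delimited field, UID or GID. Accounts created later are not included
# until these two commands are run again.
grep ':5[0-9][0-9]:' /etc/passwd > /git/etc/passwd
grep -E ':5[0-9][0-9]:|:1[0-9][0-9][0-9]:' /etc/group > /git/etc/group
chmod 400 /git/etc/group
chmod 400 /git/etc/passwd

mkdir -p /git/home/

# Repository trees. Nothing above creates these three directories, so they are
# expected to exist already.
chown -R root:dev /git/development/
chown -R root:deploy /git/deploy-stage/
chown -R root:deploy /git/deploy-prod/
# Owner and group read/write, nothing for others. Capital X keeps directories
# searchable and keeps execute on files that already have it; a plain
# recursive 660 strips the search bit from every directory and leaves the tree
# untraversable for the group.
chmod -R ug=rwX,o= /git/deploy-prod/
chmod -R ug=rwX,o= /git/deploy-stage/
chmod -R ug=rwX,o= /git/development/

chown root:root /git
chmod 750 /git

# Confine members of group dev to /git and disable TCP forwarding for them.
# Plain ASCII quoting is required: typographic quotes would be written into
# sshd_config verbatim and make the file unparsable. The guard keeps a re-run
# from appending the block a second time.
if ! grep -q '^Match Group dev' /etc/ssh/sshd_config; then
  printf '%s\n' \
    'Match Group dev' \
    '    ChrootDirectory /git' \
    '    AllowTcpForwarding no' >> /etc/ssh/sshd_config
fi

# Validate the configuration first so a syntax error cannot take sshd down and
# cut off remote access.
sshd -t && service sshd restart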

If DNS isn't updated, edit the local DNS entries to use the short names of the servers; it is easier to track changes when you are looking at DNS names instead of IPs. If you don't mind, you can use the IPs instead.

adding a user

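# Create an account that is confined to the /git jail.
# The sshd Match block on this page applies to members of group "dev", so the
# account is added to that group; without the membership it would log in
# unjailed.
# NOTE(review): /git/etc/passwd is generated by a filter earlier on this page;
# re-run that filter if the jail should be able to resolve the new account.
useradd -G dev testuser
mkdir -p /git/home/testuser
# Colon is the supported owner:group separator; the dotted form is deprecated.
chown testuser:testuser /git/home/testuser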