mknod for chroot ssh user

l2f

l2f

Hello,

I try to figure out on how to create device node with mknod for my chroot ssh user, as written in the man sshd_config:
The ChrootDirectory must contain the necessary files and directo-
ries to support the user's session. For an interactive session
this requires at least a shell, typically sh(1), and basic /dev
nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
arandom(4) and tty(4) devices.
Click to expand...
I try to create the device but the manpage of mknod does not help
major The major device number is an integer number which tells the ker-
nel which device driver entry point to use. To learn what major
device number to use for a particular device, check
/usr/src/sys/conf/majors
Click to expand...
the file /usr/src/sys/conf/majors does not exist, and I have the src.

I am a little bit lost with mknod, devfs, etc.

Regards,

L2f
 
You don't need mknod, just mount devfs inside your chroot environment.
 
Hello,

Great, but how do you do this, I try to chroot ssh: /home/chroot

In fact, I did: [cmd=]mknod null c 0 0 root:wheel; chmod guo+rw null[/cmd]
The easiest way I find is to cp the /dev to my /home/chroot.

Thanks

l2f
 
Or better yet, put:
Code: 
jail_www_devfs_enable="YES"          # mount devfs in the jail
jail_www_devfs_ruleset="www_ruleset" # devfs ruleset to apply to jail
in your rc.conf and every time you power up the jail, it will have devfs automounted.

Handbook.
 
SirDice said:
chroot != jail
Click to expand...
Wrong, a chroot is very much equivalent to a jail except a jail has tools to manage it effectively plus a lot of other abilities. You can easily create a method to spin up lightweight jails to take the place of where you would use chroot's in other OS's.
 
Hello everyone,

Thank you so much for your answers, I use the chroot because I have to test in FreeBSD but I have to create it in AIX (in fact to help the sysadmin to do it), so I try to keep it simple.

Regards,

l2f
 
Galactic_Dominator said:
Wrong, a chroot is very much equivalent to a jail except a jail has tools to manage it effectively plus a lot of other abilities. You can easily create a method to spin up lightweight jails to take the place of where you would use chroot's in other OS's.
Click to expand...

I think the point was that jail_XXX variables in rc.conf does nothing for the OP ;)
 
Galactic_Dominator said:
Wrong, a chroot is very much equivalent to a jail except a jail has tools to manage it effectively plus a lot of other abilities.
Click to expand...
If it has different abilities it's not the same is it?
 
SirDice said:
If it has different abilities it's not the same is it?
Click to expand...
Of course a jail has all the abilities of a chroot, anyone who has used one knows that. That means a jail can do WHATEVER a chroot can plus additional abilities like VNET, extended sysctl's, an rc framework to support automation, etc. About the only time you wouldn't consider using jail over a chroot is when cross-platform is required or a super-simple quick filesystem isolation. Since the OP hadn't made that clear earlier, da1's suggestion was a good one.
 
Take a marathon runner, a sprinter and me. According to your definition we're all the same because all three of us can run. However the sprinter will suck doing a marathon, the marathon runner will suck doing the 100m and I will suck doing either of them. Because we have different capabilities we are, by definition, not the same.
 
You must log in or register to reply here.
Back
Top