chrootで学ぶ環境構築時のポイント

以下のテキストは、執筆当時の情報をもとに書いたものであり、現在の情勢にそぐわない内容を含む場合があるので注意されたい。また、テキストは最終提出原稿で校正を経る前のものなので、実際にUNIXUSER 本誌に掲載されたものとは異なる。誤字脱字等もそのままである。

致命的な誤り以外は加筆修正等は行なわないので情報の鮮度に気をつけつつ 利用して欲しい。

目次


Part2 chroot

Part1chroot

chroot


chroot
Part3
 FreeBSD  jail(8) 
chroot


OS

/opt/chroot chroot
OS
FreeBSD 5.1R 

# cd somewhere/5.1-RELEASE/base
# sh -c 'DESTDIR=/opt/chroot . install.sh'





chroot

chroot






chroot


chroot

	1 
	2 
	3 chroot

23



chroot


chroot
 cvs 

[ 1]

chroot(
) /opt/chroot 

(cvs)
ls  
chroot 

	/bin/sh
	/bin/ls
	/usr/bin/cvs



	()
	# mkdir -p /opt/chroot
	# mkdir /opt/chroot/bin
	# mkdir /opt/chroot/root
	# mkdir -p /opt/chroot/usr/bin
	()
	# cp /bin/sh /bin/ls /opt/chroot/bin
	# cp /usr/bin/cvs /opt/chroot/usr/bin

 chroot  sh, ls, cvs 

	# chroot /opt/chroot /bin/sh

chroot 12
chroot
 sh 

	(chroot)#

chroot
 (chroot)# ls 

	(chroot)# ls
		  ~~
	bin	usr

	(chroot)# ls -lF
		  ~~~~~~
	total 4
	drwxr-xr-x  2 0  0  512 Jul 28 19:47 bin/
	drwxr-xr-x  3 0  0  512 Jul 29 00:12 usr/

lsls -l
 UID/GID  0 0 
chroot

chroot

cvs

	(chroot)# cvs
		  ~~~
	ELF interpreter /usr/libexec/ld-elf.so.1 not found
	Abort trap

shlscvs dynamic executable
()



[ 1 ]





 /usr/lib 

 libc  /usr/lib/libc.* 

: 
(shared object)
()




			lib<>.a
			lib<>.so





(shared object)

 	/usr/libexec/ld-elf.so.1	FreeBSD(ELF)
	/lib/ld-linux.so.2		Linux



chroot


	* ldd - 

	(shared object)
	

	* ldconfig - 

	FreeBSD
	/var/run/ld-elf.so.hints /
	 ldconfig 
	Linux[]

	----[Linux ]---------------------------------------------
	Linux /etc/ld.so.cache 
	-----------------------------------------------------------------

	# ldconfig 1 2 ... n

	
	 
	/usr/lib chrootldconfig 
	Linux 

	:
	# mkdir -p /opt/chroot/var/run
	# mkdir /opt/chroot/sbin
	# cp /sbin/ldconfig /opt/chroot/sbin
	# chroot /opt/chroot /sbin/ldconfig /usr/lib /usr/local/lib ...

	/opt/chroot/usr/local/lib 
	chroot

	----[Linux ]------------------------------------------------
	/etc/ld.so.conf 
	ldconfig 
	 /etc/ld.so.cache 
	

	:
	# mkdir -p /opt/chroot/etc /opt/chroot/sbin
	# cp /sbin/ldconfig /opt/chroot/sbin
	# cat > /opt/chroot/etc/ld.so.conf
	/usr/lib
	/usr/local/lib
	/usr/foo/lib
	^D
	# chroot /opt/chroot /sbin/ldconfig
	-------------------------------------------------------------------

	* locate - 

	
	 locate 
	
	
	locate 

	-	-	-	-	-	-	-

cvschroot


	(chroot)# cvs
		  ~~~
	ELF interpreter /usr/libexec/ld-elf.so.1 not found
	Abort trap

	( ld-elf.so.1 )Linux[]
	(chroot)# exit
	# mkdir /opt/chroot/usr/libexec
	# cp /usr/libexec/ld-elf.so.1 /opt/chroot/usr/libexec

	----[Linux ]-----------------------------------------------
	( /lib )

	Linux /lib 
	(ld-linux.so)chroot

	(chroot)# exit
	# cd /
	# tar cf - lib/l* | tar xvpfC - /opt/chroot
	-------------------------------------------------------------------

	(cvs)
	# ldd `which cvs`
	  ~~~~~~~~~~~~~~~
	/usr/bin/cvs:
        libgnuregex.so.2 => /usr/lib/libgnuregex.so.2 (0x280e9000)
        libmd.so.2 => /usr/lib/libmd.so.2 (0x280f1000)
        libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280fb000)
        libz.so.2 => /usr/lib/libz.so.2 (0x28114000)
        libgssapi.so.6 => /usr/lib/libgssapi.so.6 (0x28122000)
        libkrb5.so.6 => /usr/lib/libkrb5.so.6 (0x2812e000)
        libasn1.so.6 => /usr/lib/libasn1.so.6 (0x2816a000)
        libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x28190000)
        libroken.so.6 => /usr/lib/libroken.so.6 (0x2829b000)
        libcom_err.so.2 => /usr/lib/libcom_err.so.2 (0x282aa000)
        libc.so.5 => /usr/lib/libc.so.5 (0x282ac000)


ldd libgnuregex, libmd, libcrypt,
libz, libgssapi, libkrb5, libasn1, libcrypto, libroken, libcom_err, libc 

 tar (csh
)

	# pushd /usr/lib
	# foreach f (gnuregex md crypt z gssapi krb5 asn1 crypto \
		roken com_err c)
	? tar cf - lib${f}.so* \
		| tar -xvpf - -C /opt/chroot/usr/lib --unlink
	? end

 cvs chroot
Linux[]

	# chroot /opt/chroot /usr/bin/cvs
	  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	Usage: cvs [cvs-options] command [command-options-and-arguments]
	  where cvs-options are -q, -n, etc.
		:
		:

	----[Linux ]-----------------------------------------------
	# ldd /usr/bin/cvs
	  ~~~~~~~~~~~~~~~~
	libz.so.1 => /usr/lib/libz.so.1 (0x4001f000)
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x4002d000)
        libc.so.6 => /lib/libc.so.6 (0x4005b000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

	 /usr/lib/libz.so* 
	# cd /usr/lib
	# tar cf - libz.so* | tar xvpfC - /opt/chroot/usr/lib

	
	# chroot /opt/chroot /usr/bin/cvs
	-------------------------------------------------------------------


chroot





[ 2]


date

	# cp /bin/date /opt/chroot/bin
	  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	(chrootdate)
	# chroot /opt/chroot /bin/date
	  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	Thu Jul 31 06:23:13 GMT 2003
	                    
	()
	# date
	Thu Jul 31 15:23:22 JST 2003
			    


chroot
(GMT)
 /etc/localtime 








[ 2 ]

ktrace/kdump
Linux[]

	* ktrace - 

	
	() ktrace.out 

	ktrace [] -p ID
	
	ktrace [] 

	
	
	

	* kdump - 

	ktrace
	
	ktrace.out 

	----[Linux ]-----------------------------------------------
	* strace - 

	strace [ 

	
	()
	 -o 
	

	strace -o trace.out date

	date
	 trace.out 
	-------------------------------------------------------------------


Linux[]

	(ktrace/kdumpchroot)
	# cp /usr/bin/{ktrace,kdump} /opt/chroot/usr/bin

	(chroot date )
	# chroot /opt/chroot /bin/sh
	# ktrace -i /bin/date
	Thu Jul 31 06:29:22 GMT 2003
	
	()
	# kdump | less

---[ ]--------------------------------------------------------
   472 ktrace   RET   ktrace 0
   472 ktrace   CALL  execve(0xbfbff3e0,0xbfbff8e0,0xbfbff8e8)
   472 ktrace   NAMI  "/sbin/date"
   472 ktrace   RET   execve -1 errno 2 No such file or directory
   472 ktrace   CALL  execve(0xbfbff3e0,0xbfbff8e0,0xbfbff8e8)
   472 ktrace   NAMI  "/bin/date"
   472 date     RET   execve 0
   472 date     CALL  gettimeofday(0xbfbff418,0)
   472 date     RET   gettimeofday 0
   472 date     CALL  access(0x80a6408,0x4)
   472 date     NAMI  "/etc/localtime"
   472 date     RET   access -1 errno 2 No such file or directory
   472 date     CALL  issetugid
   472 date     RET   issetugid 0
	:
	:
	:
----------------------------------------------------------------------

	----[Linux ]-----------------------------------------------
	(stracechroot)
	# cp /usr/bin/strace /opt/chroot/usr/bin
	(chrootdate)
	# chroot /opt/chroot /bin/sh
	# strace -o trace.out date
	Sat Aug  2 12:51:48 UTC 2003
	-------------------------------------------------------------------


/etc/localtime

localtime
chroot

	# mkdir /opt/chroot/etc
	# cp /etc/localtime /opt/chroot/etc









chrootWeb



	
	
	ID
	ID
	(gecos)
	
	

11

 chroot 
chroot
DNSNTP

chrootMTAWeb



SSH
()
chroot

(/etc/group)
chroot

chroot

chroot

	1. 
	2. 

rootbin
UID1000UID


  FreeBSD

  FreeBSD /etc/master.passwd 
  /etc/passwd 
  /etc/passwd 
 UID1000chrootmaster.passwd 
 awk
  /etc/master.passwd 

	# awk -F: '$3 >= 1000{printf "%s:*:%s:%s::0:0:%s:%s:%s\n", \
		$1,$3,$4,$5,$6,$7}' /etc/passwd \
		> /opt/chroot/etc/master.passwd

  master.passwd  spwd.db, passwd, pwd.db 
   pwd_mkdb 

	# cd /opt/chroot/etc
	# pwd_mkdb -d . master.passwd
	# pwd_mkdb -d . -p master.passwd

   -d .  /etc 
  
   make 
  /opt/chroot/etc  
  Makefile (BSD make)Linux[]

---[  /opt/chroot/etc/Makefile ]------------------------------
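#
# Makefile for creating password account files in chroot-environment
#
# Written for BSD make: $> expands to all sources of the target.
# Regenerates the chroot copy of the account files from the host's
# /etc/passwd, keeping only entries with UID >= 1000 and writing "*" into
# every password field, so no password hash is copied into the chroot.
# NOTE(review): the UID >= 1000 filter also matches any high-numbered
# system account present in /etc/passwd (e.g. nobody, 65534 on FreeBSD);
# confirm that is intended for the service being confined.
#
all:  spwd.db passwd

# umask 077 makes master.passwd owner-only from the moment it is created,
# instead of leaving it readable until the chmod runs. The chmod is kept so
# that a pre-existing file with looser permissions is tightened as well.
master.passwd:	/etc/passwd
	umask 077; grep -v '^#' $> \
	|awk -F: '$$3 >= 1000 \
	{printf "%s:*:%s:%s::0:0:%s:%s:%s\n", \
		$$1,$$3,$$4,$$5,$$6,$$7}' \
	> $@
	chmod og-r $@

# -d . makes pwd_mkdb write its databases into this directory rather than
# the host's /etc.
spwd.db:	master.passwd
	pwd_mkdb -d . $>

# -p additionally generates the old-style passwd file from master.passwd.
passwd: master.passwd
	pwd_mkdb -d . -p $>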
----------------------------------------------------------------------

----[Linux ]-----------------------------------------------
  LinuxFreeBSD
  Linux /etc/shadow 
   shadow 
  FreeBSDUID1000
  chroot

  # cat /etc/passwd \
	| awk -F: '$3 >= 1000 {print}' \
	> /opt/chroot/etc/passwd

  
-------------------------------------------------------------------









	* 
	* syslog(3) 

WebApache
chroot

chrootFreeBSD
 /var/run/log chroot
syslog /var/run/log (
 /opt/chroot/var/run/log) syslogd
 syslogd(8) 
 -l Linux[]

       ()
	syslogd -s
	  
	(chroot)
	syslogd -s -l /opt/chroot/var/run/log

/etc/rc.conf 


	syslogd_flags='-s -l /opt/chroot/var/run/log'

	----[Linux ]-----------------------------------------------
	Linux /dev/log 
	syslogd -a 
	chroot
	/etc/sysconfig/syslog  SYSLOGD_OPTIONS 
	

	SYSLOGD_OPTIONS="-m 0"
	
	SYSLOGD_OPTIONS="-m 0 -a /opt/chroot/dev/log"
	-------------------------------------------------------------------







Unix



/etc 

/etc 


chroot


---[ ]------------------------------------------------------------

/etc/protocols		
/etc/services		
/etc/pam.conf		PAM(FreeBSD4)
/etc/pam.d/		PAM(Linux, FreeBSD5)
/etc/resolv.conf	()
/etc/nsswitch.conf	(Linux, FreeBSD5)
/etc/hosts		()
/etc/host.conf		(Linux, FreeBSD4)
/etc/passwd		
/etc/pwd.db		passwd  db(3)(FreeBSD)
/etc/master.passwd	(FreeBSD)
/etc/spwd.db		master.passwd  db(3)(FreeBSD)
/etc/group		
/usr/share/misc/termcap	(FreeBSD)
/usr/share/misc/termcap.db	termcapdb(FreeBSD)
//etc/termcap		(Linux)

----------------------------------------------------------------------



/dev 
 /dev  MAKEDEV 
/dev/MAKEDEV chroot /dev 


	# mkdir /opt/chroot/dev
	# cd /opt/chroot/dev
	# cp /dev/MAKE* .
	# ./MAKEDEV std

FreeBSD 5  devfs  /dev 
chroot


	# mount_devfs devfs /opt/chroot/dev

 devfs 
 devfs 
 Part3 

tmp

 /tmp  /var/tmp 


	# cd /opt/chroot
	# mkdir -p tmp var/tmp
	# chmod 1777 tmp var/tmp

var
MTAchrootchroot
 /var chroot



chroot

WebchrootWeb
chroot





	PATH = /opt/chroot/usr/local/apache
	____________________________
	/opt/chroot/usr/local/apache
                   ~~~~~~~~~~~~~~~~~
               chrootPATH = /usr/local/apache

PATHPATH
PATH

	# ln -s /opt/chroot/usr/local/apache /usr/local

chroot
chroot apache
 bin/apachectl 

     HTTPD=/usr/local/apache/bin/httpd



	HTTPD='chroot /opt/chroot /usr/local/apache/bin/httpd'



chroot






chroot
chrootchroot
 pw 
vipw (vi)
 ldconfig 





yuuji@gentei.org
Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA