


Perhaps you want to test the latest bleeding-edge release of the Apache webserver. Or maybe you would like to let some friends host a website on your production system without letting them near your pristine configuration. Maybe you are paranoid and like to keep each application separate from the others to minimise potential security problems. Whatever your intentions for setting up a chroot jail, the last thing you need is to spend hours configuring each jailed environment. Enter debootstrap to create a Debian chroot jail - all the power and ease of Debian in the secure jail you demand!


You need to have a clear idea of what you intend to achieve before you begin. This example will focus on running a webserver from the Debian distribution, to be administered by a friend whom we don't trust enough to have an account on the host system.


Our goals for the purpose of this example will be to:


Layout on the host system is inconsequential for operation of the jail, but careful planning will save you effort in the long term. It makes sense to keep things laid out in a logical manner by keeping like things together. The basic purpose of chroot is to provide a filesystem sandbox, that is, to remap one directory to be the root directory (/) for the chroot'ed program.
To this end, I suggest you keep all chroot'ed jail directories in a common location. I like to use /chroot/<systemname>/ where systemname is a basic description of what the chroot jail is for.

Starting out

Create the host directory

mkdir -p /chroot/webserver

Install debootstrap

apt-get install debootstrap / up2date install debootstrap / ...

Install the base system

debootstrap --arch i386 woody /chroot/webserver

Using your chroot jail

Root shell

chroot /chroot/webserver /bin/bash
chroot /chroot/webserver su -

Upgrading to Debian testing

apt-get for beginners

vi /etc/apt/sources.list
apt-get update
apt-get dist-upgrade

Installing software


apt-get install apache php4 mysql-server

System administration

apt-get install ssh
vi /etc/ssh/sshd_config
/etc/init.d/ssh restart

Adding user accounts

vi /etc/adduser.conf
adduser bob
su - bob
usermod -G www-data bob

adduser sally
usermod -G www-data sally
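
The accounts created above (bob, sally) live only in the jail's own /etc/passwd and /etc/group, not in the host's. The following is an added example, not part of the original howto: a read-only audit run from the host against a jail tree. The function names are hypothetical and the sample jail it builds is constructed.

```shell
#!/bin/sh
# Added example: read-only account audit of a chroot jail tree (run on the host).
# All function names are hypothetical; the sample jail below is constructed.

# Members of GROUP as listed in the jail's own /etc/group.
jail_group_members() {  # usage: jail_group_members JAIL GROUP
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1/etc/group"
}

# Accounts with UID 0 in the jail's passwd; anything besides root needs a look.
jail_uid0_accounts() {  # usage: jail_uid0_accounts JAIL
    awk -F: '$3 == 0 { print $1 }' "$1/etc/passwd"
}

# Accounts that exist in the jail but not in HOST_PASSWD (normally /etc/passwd).
jail_only_accounts() {  # usage: jail_only_accounts JAIL HOST_PASSWD
    awk -F: 'NR == FNR { host[$1]; next } !($1 in host) { print $1 }' \
        "$2" "$1/etc/passwd"
}

# Setuid/setgid files inside the jail, relative to the jail root.
jail_setuid_files() {  # usage: jail_setuid_files JAIL
    ( cd "$1" && find . -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort )
}

# Constructed sample: a tiny stand-in for /chroot/webserver plus a host passwd.
make_sample_jail() {  # usage: make_sample_jail DIR
    mkdir -p "$1/jail/etc" "$1/jail/bin"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'www-data:x:33:33:www-data:/var/www:/bin/sh' \
        'bob:x:1000:1000:,,,:/home/bob:/bin/bash' \
        'sally:x:1001:1001:,,,:/home/sally:/bin/bash' > "$1/jail/etc/passwd"
    printf '%s\n' 'root:x:0:' 'www-data:x:33:bob,sally' > "$1/jail/etc/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'www-data:x:33:33:www-data:/var/www:/bin/sh' > "$1/host_passwd"
    : > "$1/jail/bin/su" && chmod 4755 "$1/jail/bin/su"
}

tmp=$(mktemp -d) && make_sample_jail "$tmp"
echo "www-data members: $(jail_group_members "$tmp/jail" www-data)"
echo "uid 0 accounts:   $(jail_uid0_accounts "$tmp/jail")"
echo "jail-only users:  $(jail_only_accounts "$tmp/jail" "$tmp/host_passwd" | tr '\n' ' ')"
echo "setuid files:     $(jail_setuid_files "$tmp/jail")"
rm -rf "$tmp"
```

On a real system, pass /chroot/webserver as the jail and /etc/passwd as the host file instead of the sample tree.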

Bother! I'm due to go out 30 minutes ago, and this is nowhere near finished! Check back soon to see the rest of the howto... until then, adios! -- TysonClugg.

Version 2 (current) modified Tue, 03 Jul 2007 23:11:57 +1000 by graybeard