chroot tips

What is chroot?

chroot is a standard Unix command that changes the apparent root directory for the current running process and its children. chroot can be used to create a “jailed” user who is locked into a chosen directory, unable to access anything outside. The thing about chroot is within the “jailed” directory you must copy over all the files, commands and libraries for basic operation of a shell. If you want to use it in a production environment I suggest you check out jailkit for a more secure and featured solution.  I setup a chroot to run Cognos 10.

Here are some tips:

-To force a user to always operates in a chroot set their shell (the 7th field in /etc/passwd) to be a file that executes something like below[1]. You can also set the user’s shell when creating it with the -s option [2]

[1] sudo /usr/bin/chroot /home/$USER /bin/bash

[2] useradd -d /tmp -s /bin/chrootshell $user

-To copying the commands you want to the chroot consists of two commands: ‘which [COMMAND]‘ to find where the command binary is located and ‘ldd [PATH/OF/A/COMMAND]‘ to find the libraries required by that command. Copy the resulting files for each of these commands and they will work in the chroot.

-When in doubt copy all the libraries at /lib/ and /usr/lib/ if chroot programs arn’t working

-don’t put a C compiler into the chroot or they will be able to bust out (so I hear)

-I found that Cognos 10 requires a couple /etc/ files to be copied to the chroot to run in addition to passwd, profile and hostname. I just copied everything in /etc/ to the chroot (this is probably unsecure, can anyone confirm my suspicion?)

-If the program your running in chroot is complicated, you may need to give it proc access. Cognos needed it for java to be able to schedule itself on the CPU. You can mount it like this:
mount -t proc linprocfs /home/c10dp05c/proc

to make this persist after reboots copy the code below into the file /etc/init.d/boot.local

users=$(cat /etc/passwd | grep [something that identifies the user you want proc access for]  | cut -d: -f1)
for u in $users #if you have multiple users
do
 u=/home/$u/proc
 mount -t proc linprocfs $u
done

-Best tutorial http://www.antionline.com/showthread.php?t=248890 lots to learn here… some of what I learned is on this post.

-Again check out jailkit for a more secure and featured solution.

Good luck!

New Google Maps Imagery for GTA

Google has updated the satellite images on Google Maps from Oshawa all the way to Hamilton. It looks great. No clouds and perfect lighting, the Greater Toronto Area has never looked so crisp! You can now zoom in to the max, which is new I believe is new. The pictures seem to be from the summer as the above image shows Toronto’s EX in progress. That narrows it the date down to between August 21 and September 7th, 2009. How nice! My University, UOIT, now displays the new engineering building and wind tunnel that are under construction.

End of UOIT Mobile Learning Laptops (Update: DISPROVED)

Update: Only Durham College students will have a choice of laptops next year. UOIT students will still have to buy into the mobile learning program.

A reporter from The Chronicle today was interviewing students in the Commons about what they think about UOIT ending the laptop program. She stated that next year students will have the choice of either having their own laptop or purchasing the school laptop at a discount. The reported said that the decison has already been made (for Durham College students).

Durham college technology students use the same model of laptops as the UOIT students. In the past they were sold to their students at the discounted price of $600 each. Note that none of the schools plans have been officially announced.

And now my rant:

The mobile learning program is really not useful. It’s expensive. It support is unhelpful, for example: 3 months waiting for a replacement battery & their solution to any problem is reimaging your computer, meaning you lose everything.  The version of Windows XP they put on the computer and want you to use is so slow and buggy. It really makes it not worth getting having their software. I put my own operating system on my computer, and many of my friends do too. It defeats the point of everything. Which is where I find myself at the start again, there is no good point in having the laptop program.

Alexisonfire and Metric at UOIT – The Library Skybox Experience

Just 7 year’s into the world of academia, the University of Ontario Institute of Technology is having both Alexisonfire and Metric on the Quad for a night of fun and mayhem.

Our school has the best O-week band from what I’ve heard and because of the popularity of the bands they sold out of tickets several days in advance. So I’m in the library now, sitting a in a comfy arm chair watching everything happen just outside the window. Sound is great too!

Update:

Ask Randall Munroe (xkcd)

Randall Munroe is probably the most respected cewebrity for his age. A very talented pencil and paper webcomic artist who depicts math, programming, romance and drama. He’s a fan of just answering questions and making jokes so I want give a heads up that he’ll be answering questions September 21th viewable live from Justive.tv. The questions come from redditers and the event is hosted by the Electrontic Frontier Foundation. So it should be fun!

More details to come, maybe we’ll do a viewing party!

read, read