[peruser] chroot and peruser

Alexey Vlasov renton at 1gb.ru
Sat Dec 1 04:36:55 MST 2007


Hi,

I've got some questions on how chroot works and what the chroot option in
peruser is for.
I want to move the allocation of users from where it usually is (/home), and
make an isolated sandbox for every user.
Here is what I did.
I created a structure of dirs - bin, usr, etc, var in /var/virtwwwroot, and
copied to these dirs some binary tools and all the libs needed for them to
work.
I also created the sandbox at /home/virtwww/chrootuser1, with the same
structure as in /var/virtwwwroot.

Thus the home dir of the user became
/home/virtwww/chrootuser1/home/virtwww/user1, and it will be mounted with
--bind in /home/virtwww/chrootuser1, all the rest from /var/virtwwwroot.
 
I made the chroot in SSH with the help of
http://www.jmcresearch.com/projects/jail.
All scripts excluding PHP execute through suExec, and with the help of a
patch the scripts execute in the chroot of the user environment. For example,
the shell command pwd, executed in a script through suExec, shows the right
path, /home/virtwww/user1.

But it didn't work in peruser. Here are the options:

<IfModule peruser.c>
    Processor user1 virtwww /home/virtwww/user1 (or
/home/virtwww/chrootuser1/home/virtwww/user1, or /home/virtwww/chrootuser1 )
</IfModule>

<VirtualHost *>
...
ServerEnvironment user1 virtwww /home/virtwww/user1
...
</VirtualHost>

None of these gave any result.

The script <?php echo __FILE__; ?> shows the wrong path
(/home/virtwww/chrootuser1/home/virtwww/user1/path.php).
Is it possible with the help of peruser to do the same as I did in suExec?
Or is what I did nonsense and nobody does the same?

--
BRGDS. Alexey Vlasov.
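
A chrooted process reports paths relative to its own root, so the root a worker actually runs under can be checked directly instead of inferred from script output. The following is an added example, not part of the original post or of peruser: it assumes Linux with /proc mounted, the function names are hypothetical, and the paths in the comments are the ones quoted in the message.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): report whether a process
# is chrooted and how a host path looks from inside its root.
# Assumes Linux with /proc mounted; all function names are hypothetical.

# proc_root PID -> root directory of PID as seen from the caller's root,
# or "unknown" when it cannot be read (no such pid, or not privileged).
proc_root() {
    readlink "/proc/$1/root" 2>/dev/null || echo unknown
}

# inside_path ROOT HOSTPATH -> HOSTPATH as seen by a process chrooted to
# ROOT; returns status 1 when HOSTPATH lies outside ROOT.
# e.g. ROOT=/home/virtwww/chrootuser1 and
#      HOSTPATH=/home/virtwww/chrootuser1/home/virtwww/user1/path.php
inside_path() {
    root=${1%/}                 # drop a trailing slash; "/" becomes ""
    case "$2" in
        "$root")   echo / ;;
        "$root"/*) rest=${2#"$root"}; printf '%s\n' "$rest" ;;
        *)         return 1 ;;  # sibling dirs such as chrootuser10 land here
    esac
}

# report PID HOSTPATH -> one-line verdict for a worker process.
report() {
    r=$(proc_root "$1")
    case "$r" in
        unknown) echo "pid $1: root unreadable (need root, or no such pid)" ;;
        /)       echo "pid $1: not chrooted, sees $2" ;;
        *)       if p=$(inside_path "$r" "$2"); then
                     echo "pid $1: chrooted to $r, sees $p"
                 else
                     echo "pid $1: chrooted to $r, $2 is outside its root"
                 fi ;;
    esac
}

# Usage: sh chrootcheck.sh PID HOSTPATH   (the script name is an assumption)
if [ $# -eq 2 ]; then
    report "$1" "$2"
fi
```

Run it as root against the PID of the worker serving the virtual host; reading another user's /proc/PID/root normally requires privileges.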


