authorPeter Palfrader <peter@palfrader.org>2006-10-18 12:29:13 +0000
committerweasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede>2006-10-18 12:29:13 +0000
commit69b57df11aeeaec92ade74950198bab93b7b2e83 (patch)
treeeb9cba685af98429886e883e5c998499c935e10e
parent7a588d8a3cce20348793ea8cccee570a34e9e141 (diff)
Add my chroot-accounts.create-master-chroot
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@195 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
-rwxr-xr-xbin/chroot-accounts.create-master-chroot92
1 files changed, 92 insertions, 0 deletions
diff --git a/bin/chroot-accounts.create-master-chroot b/bin/chroot-accounts.create-master-chroot
new file mode 100755
index 0000000..cda1d6e
--- /dev/null
+++ b/bin/chroot-accounts.create-master-chroot
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+#
+# Copyright (c) 2004 Peter Palfrader <peter@palfrader.org>
+#
+# All rights reserved.
+#
+
+
+set -e # Exit immediately if a *simple command* exits with a non-zero status.
+set -u # Treat unset variables as an error
+
+targetdir=/chroot-accounts/MasterChroot
+BINARIES="\
+/usr/lib/sftp-server
+/lib/tls/libpthread-0.60.so
+/bin/ls
+/usr/bin/scp
+/bin/rm
+/bin/ln
+/bin/mv
+/bin/chmod
+/bin/chown
+/bin/chgrp
+/bin/mkdir
+/bin/rmdir
+/bin/pwd
+/usr/bin/groups
+/usr/bin/id
+/bin/echo
+/usr/bin/rsync
+/usr/bin/unison"
+
+[ -d $targetdir ] || mkdir -p $targetdir
+
+# we don't want to delete bin usr lib themselves, as
+# they are bind mounted all over the place and we would
+# have to remount them. So we just delete everything
+# below them to clean up
+
+# This is dangerous: -xdev doesn't protect us from bind mounts
+#for dir in bin usr lib ; do
+# find $targetdir/$dir -xdev -mindepth 1 -print0 | xargs --no-run-if-empty -0 rm -rf
+#done
+for dir in bin lib/tls lib usr/lib/i686/cmov usr/lib/i686 usr/lib usr/bin usr; do
+ dir=$targetdir/$dir
+ if [ -e "$dir" ]; then
+ find "$dir" -mindepth 1 -maxdepth 1 -print0 | while read -rd '' file; do
+ if [ -f "$file" ]; then
+ rm -f "$file"
+ fi;
+ done
+ fi
+done
+for dir in usr/lib/i686/cmov usr/lib/i686 usr/lib usr/bin; do
+ dir=$targetdir/$dir
+ [ -d "$dir" ] && rmdir "$dir"
+done
+for dir in usr lib/tls bin; do
+ dir=$targetdir/$dir
+ if [ -n "$(ls -A "$dir")" ]; then
+ echo "'$dir' should be empty, but isn't." >&2
+ exit 1
+ fi
+done
+
+LIB_LIST=$( ldd $BINARIES 2> /dev/null |
+ cut -f2 -d\> |
+ cut -f1 -d'(' |
+ grep "^ " |
+ sort -u )
+
+LDSO_LIST="/lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1"
+for lib in $LDSO_LIST; do
+ if [ -f $lib ]; then
+ LIB_LIST="$LIB_LIST $lib"
+ fi
+done
+
+LIB_LIST="$LIB_LIST /lib/libnss_compat*"
+
+for bin in $BINARIES $LIB_LIST; do
+ mkdir -p $targetdir/`/usr/bin/dirname $bin`
+ cp $bin $targetdir$bin
+done
+
+for dir in bin usr lib ; do
+ find $targetdir/$dir -xdev -type d -print0 | xargs --no-run-if-empty -0 chmod 0111
+ find $targetdir/$dir -xdev -print0 | xargs --no-run-if-empty -0 chmod a-w
+ find $targetdir/$dir -xdev -type f -perm +0111 -print0 | xargs --no-run-if-empty -0 chmod a-r
+done
+chmod 444 $targetdir/lib/tls/lib*.so*
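Review bot: The hardening pass at the end uses `find ... -type f -perm +0111`, and the `+mode` form is the deprecated GNU spelling whose meaning changed with symbolic modes; the supported equivalent is `find $targetdir/$dir -xdev -type f -perm /0111 -print0 | xargs --no-run-if-empty -0 chmod a-r`. The cleanup loops also leave a gap: regular files are removed one level below each listed directory and only `usr`, `lib/tls` and `bin` are verified empty, so a stray subdirectory directly under `lib` (other than `tls`) left by an earlier run would survive into the new chroot unnoticed — consider adding `lib` to the check once `tls` is excluded, or asserting `find "$targetdir/lib" -mindepth 1 -not -path "$targetdir/lib/tls*"` prints nothing. Stylistically, the copy loop would read more safely as `mkdir -p "$targetdir/$(dirname "$bin")"` and `cp -- "$bin" "$targetdir$bin"`, keeping the deliberate unquoted expansion of `$LIB_LIST` only where the `libnss_compat*` glob relies on it; the final `chmod 444` line also deserves a comment explaining why only `lib/tls` is made readable again after the blanket `a-r`.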