From 69b57df11aeeaec92ade74950198bab93b7b2e83 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Wed, 18 Oct 2006 12:29:13 +0000
Subject: Add my chroot-accounts.create-master-chroot

git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@195 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
---
 bin/chroot-accounts.create-master-chroot | 92 ++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)
 create mode 100755 bin/chroot-accounts.create-master-chroot

diff --git a/bin/chroot-accounts.create-master-chroot b/bin/chroot-accounts.create-master-chroot
new file mode 100755
index 0000000..cda1d6e
--- /dev/null
+++ b/bin/chroot-accounts.create-master-chroot
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+#
+# Copyright (c) 2004 Peter Palfrader
+#
+# All rights reserved.
+#
+
+
+set -e # Exit immediately if a *simple command* exits with a non-zero status.
+set -u # Treat unset variables as an error
+
+targetdir=/chroot-accounts/MasterChroot
+BINARIES="\
+/usr/lib/sftp-server
+/lib/tls/libpthread-0.60.so
+/bin/ls
+/usr/bin/scp
+/bin/rm
+/bin/ln
+/bin/mv
+/bin/chmod
+/bin/chown
+/bin/chgrp
+/bin/mkdir
+/bin/rmdir
+/bin/pwd
+/usr/bin/groups
+/usr/bin/id
+/bin/echo
+/usr/bin/rsync
+/usr/bin/unison"
+
+[ -d $targetdir ] || mkdir -p $targetdir
+
+# we don't want to delete bin usr lib themselves, as
+# they are bind mounted all over the place and we would
+# have to remount them. So we just delete everything
+# below them to clean up
+
+# This is dangerous: -xdev doesn't protect us from bind mounts
+#for dir in bin usr lib ; do
+# find $targetdir/$dir -xdev -mindepth 1 -print0 | xargs --no-run-if-empty -0 rm -rf
+#done
+for dir in bin lib/tls lib usr/lib/i686/cmov usr/lib/i686 usr/lib usr/bin usr; do
+ dir=$targetdir/$dir
+ if [ -e "$dir" ]; then
+ find "$dir" -mindepth 1 -maxdepth 1 -print0 | while read -rd '' file; do
+ if [ -f "$file" ]; then
+ rm -f "$file"
+ fi;
+ done
+ fi
+done
+for dir in usr/lib/i686/cmov usr/lib/i686 usr/lib usr/bin; do
+ dir=$targetdir/$dir
+ [ -d "$dir" ] && rmdir "$dir"
+done
+for dir in usr lib/tls bin; do
+ dir=$targetdir/$dir
+ if [ -n "$(ls -A "$dir")" ]; then
+ echo "'$dir' should be empty, but isn't." >&2
+ exit 1
+ fi
+done
+
+LIB_LIST=$( ldd $BINARIES 2> /dev/null |
+ cut -f2 -d\> |
+ cut -f1 -d'(' |
+ grep "^ " |
+ sort -u )
+
+LDSO_LIST="/lib/ld.so /libexec/ld-elf.so /libexec/ld-elf.so.1 /usr/libexec/ld.so /lib/ld-linux.so.2 /usr/libexec/ld-elf.so.1"
+for lib in $LDSO_LIST; do
+ if [ -f $lib ]; then
+ LIB_LIST="$LIB_LIST $lib"
+ fi
+done
+
+LIB_LIST="$LIB_LIST /lib/libnss_compat*"
+
+for bin in $BINARIES $LIB_LIST; do
+ mkdir -p $targetdir/`/usr/bin/dirname $bin`
+ cp $bin $targetdir$bin
+done
+
+for dir in bin usr lib ; do
+ find $targetdir/$dir -xdev -type d -print0 | xargs --no-run-if-empty -0 chmod 0111
+ find $targetdir/$dir -xdev -print0 | xargs --no-run-if-empty -0 chmod a-w
+ find $targetdir/$dir -xdev -type f -perm +0111 -print0 | xargs --no-run-if-empty -0 chmod a-r
+done
+chmod 444 $targetdir/lib/tls/lib*.so*
-- cgit v1.2.3
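Review bot: The three permission passes near the end of the file (`find $targetdir/$dir -xdev ... | xargs ... chmod ...` for `bin usr lib`) recurse with the same `-xdev` that the script's own comment above the commented-out cleanup block rejects as no protection against bind mounts, so if anything is ever mounted beneath these directories the `chmod 0111`/`a-w`/`a-r` would be applied to it as well. The cleanup loop already restricts itself to an explicit directory list with `-mindepth 1 -maxdepth 1`; the chmod passes could iterate the same fixed list and add `-maxdepth 1` to each `find`, which keeps them consistent with the cleanup's safety argument. Note also that `ldd $BINARIES` invokes the dynamic loader on each listed program, so `BINARIES` should stay limited to trusted system paths as it is here; a comment to that effect on the `BINARIES=` line, e.g. `# ldd below executes these via the dynamic loader: list only trusted system binaries`, would preserve the intent. Finally, the emptiness check `[ -n "$(ls -A "$dir")" ]` passes silently (with an `ls` error on stderr) when `$dir` does not exist, which seems intended given the earlier `[ -e "$dir" ]` guard but is worth a one-line comment.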