Log in as the superuser.
su
Change to the chroot directory. This is typically the vs_dir directory mentioned in the previous section.
cd chroot
Create tmp in the chroot directory:
mkdir tmp
chmod 1777 tmp
Create dev in the chroot directory:
mkdir dev
chmod 755 dev
List /dev/tcp, and note the major and minor numbers of the resulting output. In this example, the major number is 11 and the minor number is 42:
ls -lL /dev/tcp
crw-rw-rw- 1 root sys 11, 42 Apr 9 1998 /dev/tcp
Create the tcp device using the major and minor numbers:
mknod dev/tcp c 11 42
chmod 666 dev/tcp
Repeat steps 5 and 6 for each of the following devices each device will have a different major and minor combination:
/dev/udp /dev/ip /dev/kmem /dev/kstat /dev/ksyms /dev/mem /dev/null /dev/stderr /dev/stdin /dev/stdout /dev/ticotsord /dev/zero
Set permissions on the devices in dev in the chroot directory:
chmod 666 dev/*
Create and populate lib and usr/lib in the chroot directory:
mkdir usr
mkdir usr/lib
ln -s /usr/lib
ln /usr/lib/* usr/lib
You can ignore the messages this command generates.
If the /usr/lib directory is on a different file system, replace the last command with the following:
cp -rf /usr/lib/* usr/lib
Create and populate bin and usr/bin in the chroot directory:
mkdir usr/bin
ln -s /usr/bin
ln /usr/bin/* usr/bin
You can ignore the messages this command generates.
If the /usr/bin directory is on a different file system, replace the last command with the following:
cp -rf /usr/bin/* usr/bin
Create and populate etc in the chroot directory:
mkdir etc
ln /etc/passwd /etc/group /etc/netconfig etc
Test the chroot environment:
chroot chroot bin/ls -l
The output should look something like this:
lrwxrwxrwx 1 root other 8 Jan 13 03:32 bin -> /usr/bin drwxr-xr-x 2 user group 512 Jan 13 03:42 cgi-bin drwxr-xr-x 2 root other 512 Jan 13 03:28 dev drwxr-xr-x 2 user group 512 Jan 13 03:26 docs drwxr-xr-x 2 root other 512 Jan 13 03:33 etc lrwxrwxrwx 1 root other 8 Jan 13 03:30 lib -> /usr/lib drwxr-xr-x 4 root other 512 Jan 13 03:32 usr
Now you can set the chroot directory of the virtual server in one of these ways:
Use the chroot parameter of the send-cgi Service SAF in the obj.conf file, see the Sun Java System Web Server 6.1 SP6 Administrator’s Configuration File Reference.
Enter this information using the Settings page in the Preferences tab of the Virtual Server Manager, see the Sun Java System Web Server 6.1 SP6 Administrator’s Guide.