Sun Java System Web Server 6.1 SP12 Programmer's Guide

Procedure: To Specify a Chroot Directory for a Virtual Server

  1. Log in as the superuser.

    su

  2. Change to the chroot directory. This is typically the vs_dir directory mentioned in the previous section.

    cd chroot

  3. Create tmp in the chroot directory:

    mkdir tmp

    chmod 1777 tmp

  4. Create dev in the chroot directory:

    mkdir dev

    chmod 755 dev

  5. List /dev/tcp, and note the major and minor numbers in the resulting output. In this example, the major number is 11 and the minor number is 42:

    ls -lL /dev/tcp

    crw-rw-rw- 1 root sys 11, 42 Apr 9 1998 /dev/tcp

  6. Create the tcp device using the major and minor numbers:

    mknod dev/tcp c 11 42

    chmod 666 dev/tcp

  7. Repeat steps 5 and 6 for each of the following devices. Each device will have a different major and minor combination:

    /dev/udp /dev/ip /dev/kmem /dev/kstat /dev/ksyms /dev/mem /dev/null /dev/stderr /dev/stdin /dev/stdout /dev/ticotsord /dev/zero

  8. Set permissions on the devices in dev in the chroot directory:

    chmod 666 dev/*

  9. Create and populate lib and usr/lib in the chroot directory:

    mkdir usr

    mkdir usr/lib

    ln -s /usr/lib

    ln /usr/lib/* usr/lib

    You can ignore the messages this command generates.

    If the /usr/lib directory is on a different file system, replace the last command with the following:

    cp -rf /usr/lib/* usr/lib

  10. Create and populate bin and usr/bin in the chroot directory:

    mkdir usr/bin

    ln -s /usr/bin

    ln /usr/bin/* usr/bin

    You can ignore the messages this command generates.

    If the /usr/bin directory is on a different file system, replace the last command with the following:

    cp -rf /usr/bin/* usr/bin

  11. Create and populate etc in the chroot directory:

    mkdir etc

    ln /etc/passwd /etc/group /etc/netconfig etc

  12. Test the chroot environment:

    chroot chroot bin/ls -l

    The output should look something like this:

    lrwxrwxrwx   1 root   other   8 Jan 13 03:32 bin -> /usr/bin
    drwxr-xr-x   2 user    group   512 Jan 13 03:42 cgi-bin
    drwxr-xr-x   2 root   other   512 Jan 13 03:28 dev
    drwxr-xr-x   2 user    group   512 Jan 13 03:26 docs
    drwxr-xr-x   2 root   other   512 Jan 13 03:33 etc
    lrwxrwxrwx   1 root   other   8 Jan 13 03:30 lib -> /usr/lib
    drwxr-xr-x   4 root   other   512 Jan 13 03:32 usr
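
Steps 5 through 7 repeat the same lookup for thirteen devices, so the following added example (not part of the original guide) derives each mknod command from the `ls -lL` output and compares the finished chroot nodes with the host's. The function names are hypothetical, and a POSIX shell and awk are assumed.

```shell
# Added example: plans and checks the device nodes from steps 5-8.
# DEVICES is the list from steps 5 and 7; the function names are hypothetical.
DEVICES="tcp udp ip kmem kstat ksyms mem null stderr stdin stdout ticotsord zero"

# Turn one `ls -lL` line into "TYPE MAJOR MINOR", e.g. "c 11 42".
# Returns 1 for anything that is not a character or block device.
dev_numbers() {
    printf '%s\n' "$1" | awk '
        $1 !~ /^[cb]/ { exit 1 }
        {
            major = $5; minor = $6
            # Accept "11,42" printed with no space after the comma.
            if (major ~ /^[0-9]+,[0-9]+$/) { split(major, p, ","); major = p[1]; minor = p[2] }
            sub(/,$/, "", major)
            if (major !~ /^[0-9]+$/ || minor !~ /^[0-9]+$/) exit 1
            print substr($1, 1, 1), major, minor
        }'
}

# Step 6 for one ls line: the node is named after the last path component.
mknod_cmd() {
    nums=$(dev_numbers "$1") || return 1
    echo "mknod dev/${1##*/} $nums"
}

# Dry run of step 7: print the commands, run nothing.
plan_devices() {
    for d in $DEVICES; do
        line=$(ls -lL "/dev/$d" 2>/dev/null) || { echo "# /dev/$d: not on this host"; continue; }
        mknod_cmd "$line" || echo "# /dev/$d: not a device node, skipped"
    done
}

# Compare nodes under $1/dev with the host's. A numbers mismatch or missing
# node fails the check; mode differences are only listed for review, because
# step 8 sets 666 on purpose.
verify_devices() {
    rc=0
    for d in $DEVICES; do
        h=$(ls -lL "/dev/$d" 2>/dev/null) || continue
        j=$(ls -lL "$1/dev/$d" 2>/dev/null) || { echo "dev/$d: missing in chroot"; rc=1; continue; }
        hn=$(dev_numbers "$h") || continue
        jn=$(dev_numbers "$j") || jn="not a device"
        [ "$hn" = "$jn" ] || { echo "dev/$d: numbers host=$hn chroot=$jn"; rc=1; }
        [ "${h%% *}" = "${j%% *}" ] || echo "dev/$d: mode host=${h%% *} chroot=${j%% *}"
    done
    return $rc
}
```

Source the file and, from inside the chroot directory, review the output of `plan_devices` before running the printed commands as the superuser. Run `verify_devices` with the chroot directory as its argument once step 8 is complete.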

    Now you can set the chroot directory of the virtual server in one of these ways: