The for loop to copy all of those directories was pretty cool. That could have saved me a lot of headaches in the past when copying certain folders in a directory. Great job!
2:59 -- ldd command (bash and ls modules or dependencies)
Ok, thank you 👍
Excellent video
You are welcome!
I really love your passion in training, I have certified in lpic1 and 2 with your pretty videos.
Thank you and congratulations on your achievement
You know, dear Andrew, there are a few people like you in the world who like to share their knowledge and let others make progress in their work and life.
I think one thing I owe to the open source industry is to share my experience and knowledge with others.
I have wanted to write a general comment for a while to say thanks for all these wonderful videos. All Theurbanpenguin's videos are very, very nice. Thanks
Another excellent video. Thanks.
helpful, thanks
Hi Tux; What are the implications / best practices around libraries that are symbolically linked, such as when there are different versions? I take it one would need to copy over the destination file from the link, rather than the symbolic link itself?
Thank You...very much sir.
Thanks Jake
Can't understand why you put an additional space after the closing single quote before the closing double quotes. Why not just type "PS1='JAIL $ '"?
what about process isolation and adding different network settings like ip addresses? perhaps you are also interested in doing such? :) this was very helpful btw!
/bashjail/root must be created, and inside this root directory the hidden file .bashrc with PS1="JAIL $", otherwise no prompt JAIL $ will be set. This is for CentOS 9 in my particular case.
What distribution was used?
Is it possible to install a full GNU/Linux distro into a chroot container and then VNC into it with graphics? Why are there no tutorials on that?
Yes, but that is not really the idea of a chroot jail. It is to give limited access to resources. What you describe, having the complete Linux distro in a chroot jail, is what you have after an install of Linux. To access the complete distro in a chroot jail, though, is not uncommon. For a Linux recovery, perhaps where a password is unknown, you can boot up to a live CD or USB on the system. Mount the real root file system to somewhere like /mnt and then chroot to the directory. When you run the passwd command, you are then writing to /mnt/etc/shadow rather than on the USB.
@theurbanpenguin Thanks, but isn't the modern docker/containers the same concept as a chroot jail in terms of apps or whole operating systems as an alternative to virtualization? And this concept resulted in a very popular application on Android named Linux Deploy; however, it seems that chroot is not without its limitations, resulting in only a minimalistic installation of GNU/Linux with restrictions on what can be done inside. Unfortunately, there's just not enough information/discussion on how it works and why there would be limitations sharing the same kernel. For example, apparently not all commands will work under a chroot container - but since nobody seems to be testing full distros outside of Linux Deploy it's hard to know.
It's been 4 solid days now of me trying to solve my problem, and I am now reaching out to explain what it is that I am working on and to ask for opinions or ideas. I am moving a bunch of websites away from the industry standard web hosting automation system known as WHM by cPanel. The problem I am running into seems to be how all this stuff works. Here's my best explanation: Each "account" is devoted to one or more websites per account. Users can, if granted access, ssh into their account with limited access to files. They can also modify files via sftp or scp using programs like WS_FTP, WinSCP, Filezilla, etc. These programs use SSH2 or SFTP protocols and require bash on the server to operate. Whether they are logged into ssh or sftp, they are limited to seeing ONLY the files within their "account". Sadly, I cannot seem to find anyone who's solved this AND shared how they have this set up. Every solution I have tried I was able to break out of the chroot or jail. It is very important that this gets solved because I am working on a cPanel clone to give to the community at large. I want the same functionality for DIY web hosting with best security practices, practiced. Hopefully I get a response, and thank you.
I know exactly what you're describing with WHM and its shared accounts on a single server directive. Great idea. Maybe go ahead and open-source what you have now. The community will be more easily able to contribute our help.
I like how I just didn't learn chroot here, I learnt inline bash scripting and other commands
A sharp contrast to other videos who barely give you enough info and got twice the subscribers.
ceerut? is that how people pronounce it? C.H. Root.
CH - from "change"
ROOT - from "root"
change root, chroot.
HK
Please don't see Linux chroots as 'jails'; they are trivial to break out of.
haha penguin
Floppy
btw that copy files from ldd part could have been more easily done with:
ldd /bin/bash | grep -oe '\/\S*' | xargs -I _ cp --parents _ /bashjail
ldd /bin/ls | grep -oe '\/\S*' | xargs -I _ cp --parents _ /bashjail
(i felt very smart coming up with it)
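Added example, not part of the comment thread or the video: a POSIX shell take on the ldd copy step discussed above that also covers the symlinked-library question, by copying each library's target contents under the name the loader asks for and stopping on unresolved libraries. All function names are hypothetical; /bashjail is the jail path used in the comments.

```shell
#!/bin/sh
# Added example: fill a chroot tree with binaries plus the libraries ldd reports.
# Function names are hypothetical; /bashjail is the path used in the thread.

# Read ldd output on stdin and print each absolute library path once.
# Lines with no path (linux-vdso, "not found", static binaries) print nothing.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^\//) { if (!seen[$i]++) print $i; break } }'
}

# Read ldd output on stdin and print the names the loader could not resolve.
ldd_missing() {
    awk '/=> not found/ { print $1 }'
}

# Copy one file to the same absolute path under the jail.
# cp -L dereferences symlinks: libfoo.so.1 -> libfoo.so.1.2 lands in the jail
# as a regular file named libfoo.so.1, which is the name the loader looks up.
copy_into_jail() {
    cj_jail=$1
    cj_src=$2
    [ -e "$cj_src" ] || { echo "missing: $cj_src" >&2; return 1; }
    mkdir -p "$cj_jail$(dirname "$cj_src")" &&
        cp -L "$cj_src" "$cj_jail$cj_src"
}

# populate_jail JAIL BINARY...
# Copies each binary and its libraries; fails if any library is unresolved,
# since that binary would not start inside the jail.
populate_jail() {
    pj_jail=$1
    shift
    for pj_bin in "$@"; do
        copy_into_jail "$pj_jail" "$pj_bin" || return 1
        pj_ldd=$(ldd "$pj_bin" 2>/dev/null) || continue   # static: nothing to add
        pj_miss=$(printf '%s\n' "$pj_ldd" | ldd_missing)
        [ -z "$pj_miss" ] || { echo "$pj_bin: unresolved $pj_miss" >&2; return 1; }
        # Assumes library paths contain no whitespace.
        for pj_lib in $(printf '%s\n' "$pj_ldd" | ldd_paths); do
            copy_into_jail "$pj_jail" "$pj_lib" || return 1
        done
    done
}

# Usage (as root): populate_jail /bashjail /bin/bash /bin/ls
```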