Portal Home > Knowledgebase > Articles Database > Centos How i build a chroot for Postfix/Mysql/Apache
Centos How i build a chroot for Postfix/Mysql/Apache
Posted by Slatko, 05-15-2011, 03:11 PM |
Hello
I use Centos 5.4 on an Vserver.
Now i want try to make the mail-server(postfix/Dovecot/clamav/etc.) in an own Jail/chroot.
The Mysql in an own Jail/chroot, and apache with modsecurity in an own Jail/chroot.
I search with goole but i dont find the right answer.
How i build an chroot?
How i find out what files must be copy in the chroot?
After copy files in chroot can i deinstall the program than in main system?
thanks
|
Posted by wartungsfenster, 05-15-2011, 03:57 PM |
there's an easy and a hard way.
it feels too much to explain the hard way (using ldd to build the most minimal chroot)
the easy way would be to use the --root option for rpm to install stuff into the to-be-chroot instead of the base system.
note that doesn't work using yum, that means the next little hurdle is that you'll have to manually add a lot of rpms to this chroot. start with the one callled "setup" and "filesystem" and also look for the utility "pkgorder" from anaconda-runtime.
Err yeah, and expect it to take a few days till you got it done.
Last:
- If I were you I'd go and try to use FreeBSD jails instead.
- CentOS 5.4 is horribly outdated.
edit: i wonder if there's a script to do all that, but i unfortunately don't know it. "rpmstrap" is the closest to this that I know of.
|
Posted by wartungsfenster, 05-15-2011, 04:01 PM |
And a moment later I remembered that I used to do chroot installs with Yum...
Found this and I think it will work for you.
http://prefetch.net/articles/yumchrootlinux.html
The difference between yum and rpm chrooting is that with rpm you can disable dependencies and get a really really small chroot, wheres using yum means something a little larger.
rgds
Flo
|
Posted by Slatko, 05-15-2011, 04:30 PM |
Danke für deine Hilfe.
What makes FreeBSD easyer for building an chroot?
|
Posted by david510, 05-16-2011, 09:00 AM |
You can use mod_chroot for chroot apache environment.
|
Posted by wartungsfenster, 05-16-2011, 05:26 PM |
The effort is about the same, but you get more from it - instead of a plain chroot you use jails where even root processes are heavily restricted.
But hmm, just try the yum chroot for a start and then see if you need more.
mod_chroot is probably just moving the apache process to a different directory after start, which is not as robust.
But far better than (i guess) 70% of apache installs.
|
Add to Favourites Print this Article
Also Read
backup cpanel (Views: 589)