Lousy jailed-lighttpd scripts

Now, jailed has its own automated scripts to generate its own proper fully-contained jails (as far as “jails” on GNU/Linux go, that is; they’re chroots, actually).

The following scripts are leftovers from me trying to do the same, before finding out that the utilities are already there. They have been lying around for quite some time. I’m just copying them here so I can delete them from the home dir.

=====

jailed-lighttpd-install
—–

#!/bin/sh
# Create a jail for lighttpd

jail=/jail/lighttpd

mkdir -p $jail
cd $jail

mkdir tmp
chmod 1777 tmp

mkdir -p        var/log/lighttpd var/run/lighttpd home/http
chown http:http var/log/lighttpd var/run/lighttpd home/http
chmod a+rx      var/log/lighttpd var/run/lighttpd home/http

mkdir etc
cp -avr /etc/php etc/
cp -v /etc/hosts /etc/nsswitch.conf /etc/resolv.conf /etc/services /etc/localtime etc/
cp -v /etc/group /etc/host.conf /etc/passwd /etc/protocols etc/

mkdir -p usr/bin
cp /usr/bin/php /usr/bin/php-cgi usr/bin/

# read l2chroot before use
./l2chroot /usr/bin/php
./l2chroot /usr/bin/php-cgi

# just in case some permissions were forgotten...
chmod a+rx $jail

=====

jailed-lighttpd.rc
—–

#!/bin/bash

# general config
. /etc/rc.conf
. /etc/rc.d/functions

jailroot=/jail/lighttpd
function jailcmd () {
su http -c "$*"
}

PID=`pidof -o %PPID /usr/sbin/lighttpd`

case "$1" in
start)
stat_busy "Starting jailed lighttpd Daemon"
[ -z "$PID" ] && jk_chrootlaunch -j $jailroot -x /usr/sbin/lighttpd -- -f /etc/lighttpd/lighttpd.conf 2>&1
if [ $? -gt 0 ]; then
stat_fail
else
add_daemon lighttpd
stat_done
fi
;;
stop)
stat_busy "Stopping jailed lighttpd Daemon"
[ ! -z "$PID" ] && jailcmd kill $PID &>/dev/null
if [ $? -gt 0 ]; then
stat_fail
else
rm_daemon lighttpd
rm -f $jailroot/var/run/lighttpd/lighttpd.pid
stat_done
fi
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
echo "usage: $0 {start|stop|restart}"
esac

=====

l2chroot
—–

#!/bin/bash
# Use this script to copy shared (libs) files to Apache/Lighttpd chrooted
# jail server.
# ----------------------------------------------------------------------------
# Written by nixCraft <http://www.cyberciti.biz/tips/>
# (c) 2006 nixCraft under GNU GPL v2.0+
# + Added ld-linux support
# + Added error checking support
# ------------------------------------------------------------------------------
# See url for usage:
# http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html
# -------------------------------------------------------------------------------
# Set CHROOT directory name
BASE="/jail/lighttpd"

if [ $# -eq 0 ]; then
echo "Syntax : $0 /path/to/executable"
echo "Example: $0 /usr/bin/php5-cgi"
exit 1
fi

[ ! $BASE ] && mkdir -p $BASE || :

# iggy ld-linux* file as it is not shared one
FILES="$(ldd $1 | awk '{ print $3 }' |egrep -v ^'\(')"

echo "Copying shared files/libs to $BASE..."
for i in $FILES
do
d="$(dirname $i)"
[ ! -d $BASE$d ] && mkdir -p $BASE$d || :
/bin/cp $i $BASE$d
done

# copy /lib/ld-linux* or /lib64/ld-linux* to $BASE/$sldlsubdir
# get ld-linux full file location
sldl="$(ldd $1 | grep 'ld-linux' | awk '{ print $1}')"
# now get sub-dir
sldlsubdir="$(dirname $sldl)"

if [ ! -f $BASE$sldl ];
then
echo "Copying $sldl $BASE$sldlsubdir..."
/bin/cp $sldl $BASE$sldlsubdir
else
:
fi

=====

There. Sorry for the tabbing, it went AWOL.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: