Gentoo Forums
[HOWTO] Chrooting monkeyd HTTP server
ka0ttic
Retired Dev


Joined: 23 Oct 2003
Posts: 46
Location: Ormond Beach, FL

Posted: Mon May 03, 2004 2:46 pm    Post subject: [HOWTO] Chrooting monkeyd HTTP server

[HOWTO] Chrooting monkeyd HTTP server
Aaron Walker http://ka0ttic.dyndns.org

Initial Revision

Introduction

This HOWTO will attempt to describe the process of setting up the monkeyd HTTP daemon inside a chroot environment. With the exception of specific file names and libs, this document could easily be applied to other network daemons. Some are easier to set up than others. For example, chrooting apache is usually a little harder just because it's a larger program, uses more libs, and more files (hence more files that you need inside the chroot environment).

This document assumes the following are installed:

    net-www/monkeyd
    app-misc/jail


NOTE: the rest of the document assumes you are running the specified commands as root.

Setting up chroot environment

If you didn't install jail, then you will have to create the minimum chroot environment yourself. It mostly involves copying or creating things like /etc/passwd and /etc/group as well as essential device files (read the mknod manual page).

jail makes this process much easier with just a few commands. First, however, you must decide where you want your chroot environment to live. I simply chose to keep it in /chroot/monkeyd.

Code:

# mkdir /chroot
# mkjailenv /chroot/monkeyd


mkjailenv will create:

    dev/null
    dev/urandom
    dev/zero
    etc/group
    etc/passwd
    etc/shadow


If running monkeyd as user nobody (the default), then you won't have to edit etc/passwd.
It is always recommended for a daemon to run with its own unique user id/group id, however.

Next, we want to add most of the coreutils such as cp, mv, ls, head, tail, etc. by running:

Code:

# addjailsw /chroot/monkeyd


We should now be able to chroot to our new environment and test it out:

Code:

# chroot /chroot/monkeyd /bin/sh


You should now be inside your chroot jail. Of course, at this time, there's not much you can do besides cd'ing to directories, copying files, etc. Go ahead and logout (CTRL-D) for now.

Depending on what you plan on doing, it may be necessary to install other software inside
the chroot environment. For example, if you plan on running CGI scripts using perl, you will
need to install perl. This is easily done with the -P command-line option of addjailsw:

Code:

# addjailsw /chroot/monkeyd -P perl


I've had mixed results using addjailsw with the -P command-line option. I originally tried to
negate the whole purpose of this HOWTO by trying it with monkeyd, however, addjailsw just hung there, so YMMV.

Setting up monkeyd

Firstly, we'll need to copy monkeyd's config dir from /etc/monkeyd to /chroot/monkeyd/etc:

Code:

# cp -Rp /etc/monkeyd /chroot/monkeyd/etc


Next, we'll want to set up our DocRoot:

Code:

# mkdir -p /chroot/monkeyd/www/htdocs
# mkdir /chroot/monkeyd/www/cgi-bin


Copy over all the files you want in your DocRoot. Now edit /chroot/monkeyd/etc/monkeyd/monkey.conf (if you named your directories differently, then of course change the names). All the paths in monkey.conf will be relative to the chroot environment, so your DocRoot, /chroot/monkeyd/www/htdocs, will need to be specified as /www/htdocs, etc.

monkey.conf (only relevant stuff is shown below):

Code:

Server_root   /www/htdocs
# if you use the default /var/run/monkey.pid
# you will need to create /chroot/monkeyd/var/run
PidFile      /monkey.pid
AccessLog  /access.log  # same as above for /chroot/monkeyd/var/log 
ErrorLog    /error.log
Server_ScriptAlias   /cgi-bin/   /www/cgi-bin


Now, copy /usr/bin/monkey to the chroot environment:

Code:

# cp /usr/bin/monkey /chroot/monkeyd/usr/bin


If you chrooted now and ran monkeyd, it would run, but as I found out, upon receiving its first request, it would die with:

Code:

Monkey HTTP Daemon 0.8.2
Built : May  1 2004 17:50:56
Home  : http://monkeyd.sourceforge.net
libgcc_s.so.1 must be installed for pthread_cancel to work


The location of libgcc_s.so.1 may vary on your system, depending on what version of gcc you have installed. I suggest using slocate to find it:

Code:

# slocate libgcc_s.so.1


I just upgraded to gcc-3.3.3 myself, so mine is located at /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.3/libgcc_s.so.1

Once you've located it, copy it over to the chroot environment. Placing it in /chroot/monkeyd/lib will work just fine.

Testing it out

Well, we've got all the needed files in place. Now let's test it out and make sure it's working properly:

Code:

# chroot /chroot/monkeyd /usr/bin/monkey
Monkey HTTP Daemon 0.8.2
Built : May  1 2004 17:50:56
Home  : http://monkeyd.sourceforge.net


Looks like it's working ;) It will just hang there until you hit CTRL-C since we didn't start
it as a daemon (with the -D command-line option). Make sure you try to access the server
from a web browser to make sure it is working. Once you've verified that it's working, you can go ahead and hit CTRL-C.

Editing the startup scripts

I don't know about you, but I wouldn't want to type that chroot command every time I wanted
to start monkeyd, so a little editing will be required.

Open up /etc/conf.d/monkeyd in your favorite editor and make sure it has the following:

Code:

MONKEY_CHROOTDIR=/chroot/monkeyd
MONKEY_PID=${MONKEY_CHROOTDIR}/monkey.pid


If you decided to use the default location of /var/run/monkey.pid in monkey.conf, then you need to set $MONKEY_PID to ${MONKEY_CHROOTDIR}/var/run/monkey.pid instead.

Now edit /etc/init.d/monkeyd and make sure it has the following:

Code:

depend() {
   need net
}

start() {
   ebegin "Starting monkeyd in chroot environment"
   # paths after the chroot directory are resolved inside the jail
   /bin/chroot "${MONKEY_CHROOTDIR}" /usr/bin/monkey -D start &>/dev/null
   eend $?
}

stop() {
   ebegin "Stopping monkeyd"
   /bin/chroot "${MONKEY_CHROOTDIR}" /usr/bin/monkey stop &>/dev/null
   ret=$?
   eend ${ret}

   # if monkey could not stop itself, fall back to the PID file,
   # which MONKEY_PID names by its path outside the chroot
   if [ ${ret} -ne 0 ] && [ -f "${MONKEY_PID}" ] ; then
      ebegin "  Killing monkeyd"
      kill "$(cat "${MONKEY_PID}")" &>/dev/null
      eend $?
      rm -f "${MONKEY_PID}" &>/dev/null
   fi
}


You should now be able to start and stop monkeyd as you usually would under Gentoo:

Code:

# /etc/init.d/monkeyd start
 * Re-caching dependency info (mtimes differ)...
 * Starting monkeyd in chroot environment...                              [ ok ]


If you set the AccessLog variable in monkey.conf to /access.log then it will be located
in /chroot/monkeyd/access.log. Otherwise it will be located in /chroot/monkeyd/var/log/access.log.

And that's it! Hopefully everything went smoothly for you. Feel free to post any
comments/suggestions/corrections.
revertex
l33t


Joined: 23 Apr 2003
Posts: 806

Posted: Wed Jun 09, 2004 11:14 am    Post subject:

Nice, I like monkeyd a lot, running in chroot is really easy thanks to your tutorial.
bakreule
Apprentice


Joined: 27 Aug 2003
Posts: 233
Location: Paris, France

Posted: Thu Jun 24, 2004 11:58 am    Post subject: syslogging?

Excellent little article! I was having some troubles getting an identd server chroot'd, but it works fine after following your instructions.

I have a question regarding syslogging though. Is it possible to permit a chrooted daemon to send messages to the system logger? If the logger is listening on a device, it should be possible, though I'm not experienced enough to get it up and running.
hansmaa
n00b


Joined: 11 Feb 2005
Posts: 69

Posted: Sat Apr 09, 2005 9:57 am    Post subject:

Hi!

I followed your example to the letter (paste & copy), figuring this being a safer way to run monkeyd.

However, I am unable to chroot!
Code:
root@gentoo / # chroot /chroot/monkeyd /bin/sh
chroot: cannot run command `/bin/sh': No such file or directory


Can anyone tell me why (since I've done exactly as the HOWTO said)??
cheops05
n00b


Joined: 03 Jan 2005
Posts: 62

Posted: Sat Apr 09, 2005 3:12 pm    Post subject:

I would guess you need to copy /bin/sh to your /chroot/monkeyd/bin directory.

Cheops
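
Both failures reported in this thread (monkey dying for want of libgcc_s.so.1, and chroot answering `/bin/sh': No such file or directory) come down to files missing from the jail; exec returns the same "No such file or directory" whether the program itself or its dynamic loader is absent. The script below is an added example, not part of any post in this thread: it reads ldd output and prints each dependency that does not exist under a chroot directory. The function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list files a dynamically linked
# program needs that are absent from a chroot tree.

# Print the absolute paths named in `ldd` output read from stdin.
# Matches "libc.so.6 => /lib/libc.so.6 (0x...)" and the bare loader line
# "/lib/ld-linux.so.2 (0x...)"; skips "not found" and linux-gate/vdso lines.
list_deps() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# missing_in_chroot CHROOT [PATH...]
# Reads ldd output on stdin; prints every dependency, plus each extra PATH
# given, that does not exist under CHROOT. Extras cover the program itself
# and libraries loaded at run time with dlopen(), which ldd cannot see
# (libgcc_s.so.1 for pthread_cancel is one of these).
missing_in_chroot() {
    root=$1; shift
    { list_deps; [ $# -eq 0 ] || printf '%s\n' "$@"; } |
    while IFS= read -r p; do
        [ -e "$root$p" ] || printf '%s\n' "$p"
    done
}

# Constructed sample: ldd output in the style of a 2004 x86 system.
SAMPLE_LDD='    linux-gate.so.1 =>  (0xffffe000)
    libpthread.so.0 => /lib/libpthread.so.0 (0x40020000)
    libc.so.6 => /lib/libc.so.6 (0x40070000)
    /lib/ld-linux.so.2 (0x40000000)'

# Build a throwaway tree that holds libc and the program but lacks the
# loader, libpthread and libgcc_s, then report what is missing from it.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/lib" "$t/usr/bin"
    : > "$t/lib/libc.so.6"
    : > "$t/usr/bin/monkey"
    printf '%s\n' "$SAMPLE_LDD" |
        missing_in_chroot "$t" /usr/bin/monkey /lib/libgcc_s.so.1
    rm -rf "$t"
}

demo
# Real use, as root and outside the chroot:
#   ldd /usr/bin/monkey | missing_in_chroot /chroot/monkeyd /usr/bin/monkey /lib/libgcc_s.so.1
#   ldd /bin/sh | missing_in_chroot /chroot/monkeyd /bin/sh
```
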