nginx Chroot Helper Bash Shell Script To Copy Libs To /lib64 and /usr/lib64

by on April 6, 2010 · 2 comments

  1. #!/bin/bash
  2. set -e
  3. # Use this script to copy shared (libs) files to nginx chrooted
  4. # jail server. This is tested on 64 bit Linux (Redhat and Friends only)
  5. # ----------------------------------------------------------------------------
  6. # Written by Vivek Gite <http://www.cyberciti.biz/>
  7. # (c) 2006 nixCraft under GNU GPL v2.0+
  8. # Last updated on: Apr/06/2010 by Vivek Gite
  9. # ----------------------------------------------------------------------------
  10. # + Added ld-linux support
  11. # + Added error checking support
  12. # + Added nginx suupport
  13. # + Added for loop so that we can process all files on cmd
  14. # ----------------------------------------------------------------------------
  15. # See url for usage:
  16. # http://www.cyberciti.biz/faq/howto-run-nginx-in-a-chroot-jail/
  17. # ----------------------------------------------------------------------------
  18. # Set CHROOT directory name
  19. BASE="/nginx"
  20. file="$@"
  21.  
  22. sync_suppot_libs(){
  23. local d="$1" # JAIL ROOT
  24. local pFILE="$2" # copy bin file libs
  25. local files=""
  26. local _cp="/bin/cp"
  27.  
  28. # get rid of blanks and (0x00007fff0117f000)
  29. files="$(ldd $pFILE | awk '{ print $3 }' | sed -e '/^$/d' -e '/(*)$/d')"
  30.  
  31. for i in $files
  32. do
  33. dcc="${i%/*}" # get dirname only
  34. [ ! -d ${d}${dcc} ] && mkdir -p ${d}${dcc}
  35. ${_cp} -f $i ${d}${dcc}
  36. done
  37.  
  38. # Works with 32 and 64 bit ld-linux
  39. sldl="$(ldd $pFILE | grep 'ld-linux' | awk '{ print $1}')"
  40. sldlsubdir="${sldl%/*}"
  41. [ ! -f ${d}${sldl} ] && ${_cp} -f ${sldl} ${d}${sldlsubdir}
  42. }
  43.  
  44. usage(){
  45. echo "Syntax : $0 /usr/local/nginx/sbin/nginx"
  46. echo "Example: $0 /usr/bin/php5-cgi"
  47. exit 1
  48. }
  49.  
  50. [ $# -eq 0 ] && usage
  51. [ ! -d $BASE ] && mkdir -p $BASE
  52.  
  53. # copy all files
  54. for f in $file
  55. do
  56. sync_suppot_libs "${BASE}" "${f}"
  57. done


4000+ howtos and counting! If you enjoyed this article, join 45000+ others and get free email updates!

Click here to subscribe via email.

  • Rahul Panwar

    Hi,

    I am using this script to prepare the jail root for SSH users. It is working fine if any given command’s lib does not already exist in the BASE dir. But if any file already exist it does not accept the multiple commands as argument, it exit after existing command.

    For example, if i execute this script as follows:
    n2chroot /bin/bash # It works fine
    n2chroot /bin/bash /bin/ls # It exit after /bin/bash as it was already exist there.

    Actually it exit from the function “sync_suppot_libs” when it found the any file already exist.

    When i change the last condition in function “sync_suppot_libs”
    [ ! -f ${d}${sldl} ] && ${_cp} -f ${sldl} ${d}${sldlsubdir}
    to
    if [ ! -f ${d}${sldl} ]; then
    ${_cp} -f ${sldl} ${d}${sldlsubdir}
    fi
    It start working properly.
    May be you want to change in your script also. I also add few more lines at the end of function “sync_suppot_libs” as follows:
    ==========================================
    #Copy the given file to the base directory
    dcc=”${pFILE%/*}” #get dirname for given file

    [ ! -d ${d}${dcc} ] && mkdir -p ${d}${dcc}
    # [ ! -f ${d}${pFILE} ] && ${_cp} -f ${pFILE} ${d}${pFILE}

    if [ ! -f ${d}${pFILE} ]; then
    ${_cp} -f ${pFILE} ${d}${pFILE}
    fi
    ==========================================

    Thanks & Regards,
    Rahul Panwar

  • Debrah

    I’m imerpssed! You’ve managed the almost impossible.

Previous Script:

Next Script: