Yummy Chroots: Building Chroots With Yum on Fedora 16

We’re going to build a minimal chroot directory for Fedora 16 using yum and rpm. It relies on the ChrootDirectory functionality of OpenSSH, which is only available in versions >= 4.9p1.

Credit goes here for a great article getting me started on this.

As root:

mkdir --mode=700 -p /chroot/chrootuser
rpm --root /chroot/chrootuser --initdb
# yumdownloader is provided by the yum-utils package
yumdownloader --destdir=/var/tmp fedora-release
rpm --root /chroot/chrootuser -ivh --nodeps /var/tmp/fedora-release*rpm
yum --installroot=/chroot/chrootuser -y install bash
yum --installroot=/chroot/chrootuser -y install coreutils
groupadd chrooted

Edit /etc/ssh/sshd_config:

Match Group chrooted
        ChrootDirectory /chroot/%u
        AllowTcpForwarding no
        X11Forwarding no
        AllowAgentForwarding no
        PermitRootLogin no
        ForceCommand /bin/bash

And restart the service: systemctl restart sshd.service

Add the user:

useradd -G chrooted -d /chroot/chrootuser chrootuser

SSH in as the user and they will be in the jailed directory.
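sshd refuses the session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, so it is worth checking /chroot/chrootuser before the first login. The script below is an added example, not part of the original article; the function names and the optional UID argument (there so the check can be exercised as a non-root user) are assumptions, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.

# check_dir DIR [UID]: DIR must be a directory owned by UID (default 0, root)
# with neither the group-write nor the other-write bit set.
check_dir() {
    cd_dir=$1
    cd_uid=${2:-0}
    if [ ! -d "$cd_dir" ]; then
        echo "FAIL $cd_dir: not a directory"
        return 1
    fi
    cd_owner=$(stat -c %u "$cd_dir")   # numeric owner
    cd_mode=$(stat -c %a "$cd_dir")    # octal mode, e.g. 755 or 1777
    if [ "$cd_owner" != "$cd_uid" ]; then
        echo "FAIL $cd_dir: owned by uid $cd_owner, expected $cd_uid"
        return 1
    fi
    if [ $(( 0$cd_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cd_dir: mode $cd_mode is writable by group or others"
        return 1
    fi
    echo "ok   $cd_dir (uid $cd_owner, mode $cd_mode)"
}

# check_chroot_path ABSOLUTE_PATH [UID]: apply check_dir to / and to every
# component of the path; returns non-zero if any component fails.
check_chroot_path() {
    cp_rest=${1#/}
    cp_uid=${2:-0}
    cp_cur=
    cp_rc=0
    check_dir / "$cp_uid" || cp_rc=1
    while [ -n "$cp_rest" ]; do
        cp_part=${cp_rest%%/*}
        case $cp_rest in
            */*) cp_rest=${cp_rest#*/} ;;
            *)   cp_rest= ;;
        esac
        [ -n "$cp_part" ] || continue
        cp_cur=$cp_cur/$cp_part
        check_dir "$cp_cur" "$cp_uid" || cp_rc=1
    done
    return "$cp_rc"
}

# Run as: sh check_chroot.sh /chroot/chrootuser
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```
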
