[LinuxFocus-icon]
Ê×Ò³  |  Õ¾µãµØͼ  |  Ë÷Òý  |  ËÑË÷
ÐÂÎÅ | ¹ýÍùÆÚ¿¯ | Á´½Ó | ¹ØÓÚLF
[an error occurred while processing this directive]
[Photo of the Author]
by Mark Nielsen (homepage)

¹ØÓÚ×÷Õß:
Mark ÏÈÉúÊÇһ뽫×Ô¼ºµÄʱ¼ä¶¼¾èÏ׸ø GNUJob.com µÈÊÂÒµµÄ×ÔÓÉ×ÉѯÕߣ¬ËûдÁ˺ܶàµÄÎÄÕºÍ×ÔÓÉÈí¼þ£¬ ²¢ÇÒÊÇeastmont.netµÄÒ»ÃûÖ¾Ô¸Õß¡£
Ŀ¼:

 

Chroot LinuxÖÐËùÓеķþÎñ

[illustration]

ÕªÒª:

¶Ôϵͳ·þÎñ½øÐÐchrootÒÔÏÞÖÆÈëÇÖÕß¿ÉÄÜÔì³ÉµÄÆÆ»µ£¬´Ó¶øÌá¸ßϵͳµÄ°²È«ÐÔ¡£


 

½éÉÜ

ʲôÊÇchroot£¿chroot»ù±¾ÉÏÖض¨ÒåÁËÒ»¸ö³ÌÐòµÄÔËÐл·¾³¡£¸üÈ·ÇеØ˵£¬ËüÖض¨ÒåÁËÒ»¸ö³ÌÐò£¨»òµÇ¼»á»°£©µÄ¡°ROOT¡±Ä¿Â¼»ò¡°/¡±¡£ Ò²¾ÍÊÇ˵£¬¶ÔÓÚchrootÁ˵ijÌÐò»òshellÀ´Ëµ£¬chroot»·¾³Ö®ÍâµÄĿ¼ÊDz»´æÔڵġ£

ÄÇÕâÑùÓÖÓÐʲôÓÃÄØ£¿Èç¹ûÈëÇÖÕßÈëÇÖÁËÄãµÄµçÄÔ£¬ËûÃǾͲ»ÄÜ¿´¼ûÄãϵͳÀïËùÓеÄÎļþÁË¡£ ÕâÑù£¬¾ÍÏÞÖÆÁËÈëÇÖÕß¿ÉÄÜÖ´ÐеÄÃüÁ´Ó¶ø½ûÖ¹ÁËËûÃÇÒç³ö²»°²È«ÎļþµÄ»ú»á¡£µ«Î¨Ò»µÄȱµãÊÇ£¬ ÎÒÈÏΪÕâ²»ÄÜ×èÖ¹ËûÃDz쿴ÍøÂçÁ¬½ÓºÍÆäËû×ÊÁÏ¡£Òò´Ë£¬ÄãÓ¦×öһЩ±¾ÎÄδÉîÈëÉæ¼°µÄÊÂÇ飺

ÎÒÈÏΪ£¨°ÑÒÔ·ÇrootȨÏÞÔËÐеķþÎñ½øÐУ©chroot¿ÉÒÔ×÷ΪһµÀ°²È«·ÀÏßµÄÔ­ÒòÊÇ£¬ Èç¹ûÈëÇÖÕߵõ½ÁËÒ»¸ö·ÇrootÕË»§£¬µ«Ã»ÓÐʹËûÃǵõ½rootȨÏÞµÄÎļþµÄ»°£¬ÄÇôËûÃÇÖ»ÄܶÔËùÈëÇÖµÄÇøÓòÔì³ÉÆÆ»µ¡£ ¶øÇÒ£¬Èç¹ûrootÕË»§ÊÇÈëÇÖÇøÓò´ó²¿·ÖÎļþµÄÓµÓÐÕߵĻ°£¬ÈëÇÖÕßÊÇûÓжàÉÙ¹¥»÷µÄÑ¡ÔñµÄ¡£ÏÔÈ»£¬Èç¹ûÄãµÄÕË»§±»ÈëÇÖ£¬ ÄÇÒ»¶¨ÊÇijЩµØ·½³öÎÊÌâÁË£¬µ«×îºÃÄܼõÉÙÈëÇÖÕßËùÄÜÔì³ÉµÄÆÆ»µ¡£

Çë¼Çס ÎÒËù×öµÄ²¢²»ÊÇ100%ÕýÈ·µÄ¡£ÕâÊÇÎÒµÚÒ»´Î³¢ÊÔÕâÑù×ö£¬¾ÍËãÖ»ÊDz¿·ÖÓÐЧµÄ»°£¬ Ò²Ó¦¸ÃÊǺÜÈÝÒ×Íê³É»ù±¾µÄÅäÖõġ£ÎÒÏë×öÒ»¸öchrootµÄHOWTO£¬ÏÖÔÚËù˵µÄÖ»ÊÇһЩ»ù±¾µÄ¶«Î÷¡£  

ÔõÑù°ÑËùÓеķþÎñ¶¼chrootÄØ£¿

ºÃµÄ£¬ÈÃÎÒÃÇÏÈ´´½¨Ò»¸öĿ¼¡°/chroot¡±£¬È»ºóÒÔÏÂÃæµÄ¸ñʽ°ÑÎÒÃǵÄËùÓзþÎñ¶¼·ÅÔÚËüÏÂÃ棺 ÿһ¸ö·þÎñ¶¼ÊÇÍêÈ«ÓëÍâ½ç¸ôÀëµÄ¡£  

ÎÒÓÃÀ´´´½¨chroot»·¾³µÄPerl½Å±¾¡£

ÏÂÔØConfig_Chroot.pl.txt²¢¸üÃûΪ Config_Chroot.pl. Õâ¸öPerl½Å±¾ÈÃÄãÁгöËùÓÐÒÑ°²×°µÄ·þÎñ£¬²é¿´ÅäÖÃÎļþ£¬ÅäÖ÷þÎñ£¬²¢Æô¶¯ºÍÍ£Ö¹·þÎñ¡£Í¨³££¬Õâ¾ÍÊÇÄãÓ¦¸Ã×öµÄ¡£
  1. ´´½¨chrootĿ¼
    mkdir -p /chroot/Config/Backup
  2. ÏÂÔØConfig_Chroot.pl.txt ²¢¸üÃûΪ /chroot/Config_Chroot.pl
  3. Èç¹ûÄãµÄ¼ÒĿ¼£¨home directory£©²»ÊÇ/chroot£¬Çë°ÑPerl½Å±¾ÀïµÄ$Home ±äÁ¿×÷ÏàÓ¦µÄ¸Ä±ä¡£
  4. ÏÂÔØÎÒµÄÅäÖÃÎļþ¡£
ÏÖÔÚ£¬ÖØÒªµÄÊÇ£ºÎÒÖ»ÔÚ RedHat 7.2 ºÍ RedHat 6.2 ÉϲâÊÔ¹ý¡£.

ÇëÔÚPerl½Å±¾Àï×÷ÏàÓ¦µÄ¸Ä±äÒÔÊÊÓ¦ÄãµÄ·¢Ðа档

¹ØÓÚchroot£¬ÎÒдÁËÒ»±éºÜ³¤µÄÎÄÕ£¬µ«ÓÐÁËÎҵĽű¾£¬Ëü±äµÃ¶ÌÁ˺ܶࡣÔÚchrootÁ˺ܶà·þÎñÖ®ºó£¬ÎÒ×¢Òâµ½ÕâЩ·þÎñÖÐÐèÒª±»chrootµÄÎļþºÍÅäÖö¼ºÜÏàËÆ¡£¶ÔÒ»¸öÌض¨µÄ·þÎñÀ´Ëµ£¬ÅжÏÄÄЩÎļþÐèÒª¿½±´µÄ×îÈÝÒ׵ķ½·¨ÊDz鿴man£¬Èç¹û³ÌÐòÒªÓõ½¿âÎļþ£¬¾ÍÔÙ¼üÈë¡°ldd /usr/bin/file¡°¡£Ä㻹¿ÉÒÔ°ÑÄãÕýÔÚ°²×°µÄ·þÎñ½øÐÐchroot²¢ÊÖ¶¯Æô¶¯£¬ ¿´¿´³öÁËʲô´í»ò²éÒ»²éËüµÄÈÕÖ¾Îļþ¡£

ͨ³££¬Òª°²×°Ò»¸ö·þÎñ£¬¿ÉÒÔÕâÑù×ö£º

cd /chroot
./Config_Chroot.pl config  SERVICE
./Config_Chroot.pl install SERVICE
./Config_Chroot.pl start   SERVICE
 

¶Ô Ntpd ½øÐÐ Chroot

Ntpd ÊÇÒ»¸öʱ¼ä·þÎñ£¬ËüʹÄãµÄ¼ÆËã»úÒÔ¼°ÆäËü¼ÆËã»úºÍʵ¼Êʱ¼äͬ²½¡£°ÑËüchrootÊǺܼòµ¥µÄ¡£ 
cd /chroot
 # Èç¹ûÄãûÓÐʹÓÃÎÒµÄÅäÖÃÎļþ£¬Çë°ÑÏÂÒ»ÐеÄ×¢ÊÍÈ¥µô¡£
#./Config_Chroot.pl config  ntpd
./Config_Chroot.pl install ntpd
./Config_Chroot.pl start   ntpd
 

¶Ô DNS ºÍ named ½øÐÐ Chroot

ÒѾ­ÓÐÁËhowtoÎļþ£¬Çë¿´
http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO.html
»ò
http://www.linuxdoc.org/HOWTO/Chroot-BIND-HOWTO.html

Èç¹ûÄãÏëÓÃÎҵĽű¾

cd /chroot
 # Èç¹ûÄãûÓÐʹÓÃÎÒµÄÅäÖÃÎļþ£¬Çë°ÑÏÂÒ»ÐеÄ×¢ÊÍÈ¥µô¡£
#./Config_Chroot.pl config  named
./Config_Chroot.pl install named
./Config_Chroot.pl start   named
 

°Ñ Syslog ºÍÆäËû·þÎñÒ»Æð½øÐÐchrootÒÔ¼°ÎÒËùÓöµ½µÄÀ§ÄÑ¡£

ÎÒÏë°Ñsyslogd½øÐÐchroot¡£ÎÒÓöµ½µÄÀ§ÄÑÊÇ£¬syslogdĬÈÏʹÓÃ/dev/logĿ¼£¬¶øchrootÁ˵ķþÎñÊÇ¿´²»¼ûÕâ¸öĿ¼µÄ¡£Òò´Ë£¬ÓÃsyslogd×öÈÕÖ¾¼Ç¼¾Í²»ÊǺܷ½±ãÁË¡£ÏÂÃæÊÇ¿ÉÄܵĽâ¾ö·½°¸¡£ ÎÒµÄΨһµÄ½â¾ö·½°¸ÊÇÈ·±£syslogd·Ö±ðºÍÿһ¸ö·þÎñ½øÐÐchroot¡£ÎÒϲ»¶ÕâÑùµÄ½â¾ö·½°¸£¬ËüÒÔ·ÇrootȨÏÞÔÚ×Ô¼ºµÄchroot»·¾³£¨ÓÐЩÏñÍøÂç¶Ë¿Ú£©Ï¼Ç¼ÈÕÖ¾¡£ÕâÒ²ÐíÊÇ¿ÉÐеģ¬µ«ÎÒÕýÔÚÍ£Ö¹ÎÒËù×öµÄ£¬È»ºóÑ°ÇóÒ»¸ö¸üºÃµÄ½â¾ö·½°¸¡£

Èç¹ûÄã²»ÏëΪÿһ¸ö·þÎñ¶¼Å䱸һ¸ö¶ÀÁ¢µÄsyslogd£¬ÄÇôµ±ÄãµÄϵͳÔËÐÐsyslogdʱ£¬ÇëÔÚsyslogd¿ªÊ¼Ê±ÔËÐÐÏÂÃæÃüÁ 

syslogd -a /chroot/SERVICE/dev/log
Èç¹ûÓÐsshºÍdnsÒªÔËÐУ¬ÄÇô¿´ÉÏÈ¥Ó¦¸ÃÏñÕâÑù£º
syslogd -a /chroot/ssh/dev/log -a /chroot/named/dev/log -a /dev/log

¹ØÓÚsyslogd£¬ÎÒ×îºóÏë˵µÄÊÇ£¬ÎÒÏ£ÍûËüÄÜÔËÐÐÔÚ·ÇrootÕË»§Ï¡£ÎÒÊÔÁ˼¸¸ö¼òµ¥µÄ¶«Î÷£¬ µ«¶¼Ã»Óгɹ¦£¬ÓÚÊǾͷÅÆúÁË¡£Èç¹ûÄÜÈÃsyslogdºÍÿһ¸ö·þÎñÒ»ÆðÔËÐÐÔÚ·ÇrootÕË»§Ï£¬ ÎҾͻá¶ÔÎҵݲȫ´ëÊ©¸Ðµ½ÂúÒâÁË¡£Èç¹û¿ÉÄܵĻ°£¬×îºÃ½«ÈÕÖ¾¼Ç¼µ½ÍⲿÉ豸ÉÏ¡£  

¶Ô Apache ½øÐÐ Chroot

ºÜ¼òµ¥¡£Ò»µ©ÎÒÔËÐÐËü£¬¾Í¿ÉÒÔÖ´ÐÐPerl½Å±¾¡£ÏÖÔÚ£¬ÎÒµÄÅäÖÃÎļþÊǺܳ¤µÄ£¬ ÒòΪÎÒ±ØÐëÔÚchroot»·¾³Ï°üÀ¨PerlºÍPostgreSQLº¯Êý¿â¡£ÓÐÒ»¼þÊÂҪעÒ⣬Èç¹ûÄãÒªÁ¬½Óµ½Êý¾Ý¿âÉÏ£¬ ÇëÈ·±£ÄãµÄÊý¾Ý¿â·þÎñÔËÐÐÔÚ127.0.0.1 »Ø»·É豸ÉÏ£¬²¢ÔÚ¹ØÓÚDBIµÄPerl½Å±¾ÖÐÖ¸¶¨Ö÷»úΪ127.0.0.1. ÏÂÃæÊÇÎÒÔõÑù°ÑapacheÓÀ¾ÃÁ¬½Óµ½Ò»¸öÊý¾Ý¿âÉϵÄÀý×Ó£º 
$dbh ||= DBI->connect('dbi:Pg:dbname=DATABASE',"","", {PrintError=>0});

if ($dbh ) {$dbh->{PrintError} = 1;}
else
  {$dbh ||= DBI->connect('dbi:Pg:dbname=DATABASE;host=127.0.0.1',"","",
      {PrintError=>1});}

Ô´µØÖ·: http://httpd.apache.org/dist/httpd/

°Ñapache±àÒë²¢°²×°ÔÚÄãϵͳµÄ/usr/local/apacheĿ¼Ï£¬È»ºóÔËÐÐPerl½Å±¾¡£ 

cd /chroot
 # Èç¹ûÄãûÓÐʹÓÃÎÒµÄÅäÖÃÎļþ£¬Çë°ÑÏÂÒ»ÐеÄ×¢ÊÍÈ¥µô¡£
 # ./Config_Chroot.pl config  httpd
./Config_Chroot.pl install httpd
./Config_Chroot.pl start   httpd
ÔÚhttpd.confÎļþÀï°üº¬ÒÔϼ¸ÐÐ: 
ExtendedStatus On

<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

<Location /server-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
È»ºó£¬ÔÚÄãµÄä¯ÀÀÆ÷ÀïÊäÈë http://127.0.0.1/server-status »ò http://127.0.0.1/server-info ²¢¼ì²é£¡  

¶Ô Ssh ½øÐÐ Chroot

Ê×ÏÈ£¬Èç¹û°Ñssh´Ó¶Ë¿Ú22Öض¨Ïòµ½2222¾ÍÀíÏëÁË¡£È»ºó£¬µ±ÄãÆô¶¯sshʱ£¬ ÈÃËüÔÚÒ»¸ö·ÇrootÕË»§Ï¼àÌý2222¶Ë¿Ú¡£ÔÚ³õʼ»¯sshÁ¬½Óʱ£¬ÎÒÃÇÖ»ÏëÈÃÓÐÃÜÂëµÄ°²È«ÕË»§Á¬½øÀ´£¬µ«²»×öÆäËûÈκÎÊÂÇé¡£ ÔÚËûÃǵǼ֮ºó£¬ÔËÐÐÔڶ˿Ú127.0.0.1:2222 µÄµÚ¶þ¸össh³ÌÐòÈÃËüÃÇÁ¬½Óµ½ÕæÕýµÄϵͳ -- ÕâµÚ¶þ¸össh³ÌÐòÓ¦¸ÃÖ»Ôڻػ·É豸ÉϼàÌý¡£ Õâ²ÅÊÇÄãÓ¦¸Ã×öµÄ¡£ÏÖÔÚÎÒÃDz»´òËãÈ¥×ö¡£ÎÒÃÇÒª×öµÄΨһµÄÊÂÇéÊÇÒÔÕâ¸öchrootµÄssh×ö¸öÀý×Ó¡£ ÉÏÃæÌáµ½µÄÒ»¸öÁ·Ï°¾ÍÇë¶ÁÕß×Ô¼ºÍê³É£ºÈÃsshdÔËÐÐÔÚ·ÇrootÕË»§Ï£¬ÔÙ°²×°µÚ¶þ¸ö¼àÌý»Ø»·É豸µÄsshdÒÔʹÈËÃÇÁ¬½øÕæÕýµÄϵͳ¡£

´ËÍ⣬ÎÒÃÇÖ»Òª°Ñssh½øÐÐchroot²¢ÈÃÄã¿´Ò»¿´ÄÇÑù×öµÄ½á¹û£¨Èç¹ûÄãÖ»×öÁËÕâЩ£¬Äã²»±Ø¹Û²ìÕû¸öϵͳ£©¡£ µ±È»£¬Èç¹ûÄÜ°ÑÈÕÖ¾¼Ç¼ÔÚÍⲿÉ豸ÉϾ͸üºÃÁË¡£ÎÒÃÇÓ¦¸ÃÓÃOpenSSH£¬µ«ÎªÁË·½±ã£¨ÕâºÃÏñ²»ÊÇÒ»¸öºÃµÄ½è¿Ú£©£¬ÎÒÓõÄÊÇÒ»¸öÉÌÒµµÄSSH¡£

Ô´µØÖ·: http://www.ssh.com/products/ssh/download.cfm

ÔÚ/usr/local/ssh_chrootÏ°²×°ssh²¢ÔËÐнű¾¡£ 

cd /chroot
 # Èç¹ûÄãûÓÐʹÓÃÎÒµÄÅäÖÃÎļþ£¬Çë°ÑÏÂÒ»ÐеÄ×¢ÊÍÈ¥µô¡£
 # ./Config_Chroot.pl config  sshd
./Config_Chroot.pl install sshd
./Config_Chroot.pl start   sshd
ÎÒ¾õµÃ°Ñssh·ÅÔÚchroot»·¾³ÏµÄÒ»¸öÕæÕýÓÐÒæµÄÊÂÇéÊÇ£¬Èç¹ûÄãÓÃËü´úÌæftp·þÎñÆ÷£¬ÈËÃÇÔÚÄãµÄÇøÓòÀï¾ÍÖ»ÓÐÓÐÏÞµÄȨÏÞ¡£ Rsync ºÍ SCP ÔÚÈËÃÇÉÏ´«ÎļþʱÔËÐе÷dz£ºÃ¡£ÎÒ²»ÊǺÜϲ»¶½¨Á¢ftp·þÎñÆ÷ÈÃÈËÃǵǼ¡£ºÜ¶àftp·þÎñÆ÷¶¼ÔËÐÐÔÚchroot»·¾³Ï£¬ µ«ÎÒ²»Ï²»¶ËûÃÇÈԾɴ«ËÍÃ÷ÎÄÃÜÂë¡£  

°Ñ PostSQL ½øÐÐ Chroot

Õ⼸ºõºÍperlÒ»Ñù¼òµ¥£¬³ýÁËËüÐèҪһЩ¶îÍâµÄº¯Êý¿â¡£×ܵÄÀ´Ëµ£¬Õâ²¢²»ÄÑ×ö¡£ ÎÒ±ØÐë×öµÄÒ»¼þÊÂÊÇ°ÑPostgreSQL·ÅÔÚÍøÂçÉÏ£¬µ«½ö½öÊÇ·ÅÔڻػ·É豸ÉÏ¡£ÒòΪËüÊDZ»chrootÁ˵ģ¬ ËùÒÔÆäËûÒѾ­chrootÁ˵ķþÎñÊDz»ÄܺÍËü½Ó´¥µÄ£¬¾ÍÏñweb·þÎñÆ÷ apache Ò»Ñù¡£ ÎÒ°ÑPerl±àÒë½øPostgreSQLÀïÈ¥ÁË£¬Òò´ËÎÒ±ØÐëÔÚÎÒµÄÅäÖÃÎļþÀï¼ÓºÜ¶àPerlµÄ¶«Î÷¡£

Ô´´úÂë: ftp://ftp.us.postgresql.org/source/v7.1.3/postgresql-7.1.3.tar.gz

°Ñapache±àÒë²¢°²×°ÔÚÄãϵͳÀïµÄ/usr/local/postgresĿ¼Ï¡£È»ºóÔËÐÐPerl½Å±¾¡£ 

cd /chroot
 # Èç¹ûÄãûÓÐʹÓÃÎÒµÄÅäÖÃÎļþ£¬Çë°ÑÏÂÒ»ÐеÄ×¢ÊÍÈ¥µô¡£
 # ./Config_Chroot.pl config  postgres
./Config_Chroot.pl install postgres
./Config_Chroot.pl start   postgres
 

°Ñ Sendmail ½øÐÐ Chroot

ÇëÖ´ÐÐÎÒµÄPerl½Å±¾¡£
cd /chroot
 # Èç¹ûÄãûÓÐʹÓÃÎÒµÄÅäÖÃÎļþ£¬Çë°ÑÏÂÒ»ÐеÄ×¢ÊÍÈ¥µô¡£
 # ./Config_Chroot.pl config  sendmail
./Config_Chroot.pl install sendmail
./Config_Chroot.pl start   sendmail
ÏÖÔÚÄã·¢ÏÖʲôÁË£¿Êǵģ¬ËûÈÔ¾ÉÒÔrootÕË»§ÔËÐС£¶øÇÒ£¬µ±sendmailÆô¶¯µÄʱºò£¬³ÌÐò/etc/rc.d/init.d/sendmail»áÖØн¨Á¢Ò»Ð©Îļþ¡£ ÎҵĽű¾²¢Ã»Óнâ¾öÕâ¸öÎÊÌâ¡£ÎÞÂÛºÎʱ£¬Èç¹ûÄãÔÚ/etc/mailÏÂ×öÁËÈκθĶ¯£¬Çë°Ñ¸Ä¶¯¹ýµÄÎļþ¿½±´µ½/chroot/sendmail/etcĿ¼Ï¡£ Ä㻹±ØÐë°Ñ/var/spool/mailÖ¸Ïò/chroot/sendmail/var/spool/mail£¬ÒÔʹsendmail³ÌÐòºÍÓû§£¨µ±ËûÃǵǼ½øÀ´µÄʱºò£©¿´µ½µÄÊÇÏàͬµÄÎļþ¡£

ºÃÔÚÄãËæʱ¿ÉÒÔ·¢ËÍÓʼþ£¬µ±ÄãÊÕÐŵÄʱºò²Å»á³öÎÊÌâ¡£Òò´Ë£¬ÎÒ¿ÉÒÔ°ÑsendmailºÍapacheÒ»Æð°²×°¶ø²»³öÎÊÌâ¡£ ÎÒµÄһЩPerl½Å±¾»áÏòÍâ·¢ËÍÓʼþ£¬ËùÒÔÎÒÒª°Ñsendmail³ÌÐò¿½±´µ½apacheµÄchroot»·¾³Ï¡£  

¹ØÓÚ Chroot µÄÆäËûһЩÊÂÇé¡£

ÏÂÃæÊÇÎҵĹ۵㣺
  1. ÄãµÄ»úÆ÷ÉÏ°üÀ¨sendmail, ssh, apache, postgresql, syslogÔÚÄÚµÄËùÓзþÎñ¶¼±ØÐëÔËÐÐÔÚchroot»·¾³Ï¡£
  2. ÿһ¸ö·þÎñ¶¼±ØÐëÒÔ·ÇrootÕË»§ÔËÐУ¨ÄãÒ²ÐíÐèÒª°ÑÒÑÊܱ£»¤µÄ¶Ë¿ÚÖض¨Ïòµ½Î´Êܱ£»¤µÃ¶Ë¿Ú¡£Õâ°üÀ¨sendmailºÍsyslog¡£
  3. ÈÕÖ¾Ó¦¸ÃÔ¶ÀëÏÖ³¡¡£
  4. ¶Ôÿһ¸ö·þÎñ¶¼ÊµÐдÅÅÌÅä¶î£¬ÒÔÏÞÖÆÈëÇÖÕßËùÄÜÕ¼ÓõĴÅÅÌ¡£µ±´ÅÅÌÒÑдÂúʱ£¬ÄãÓ¦¸ÃÔڻػ·É豸ÉÏΪijЩ·þÎñ°²×°Îļþϵͳ¡£
  5. ËùÓв»Ðè¸Ä¶¯µÄÎļþµÄÓµÓÐÕßÓ¦¸ÃÊÇrootÕË»§¡£
ÏÖÔÚ£¬Ëµµ½sendmailºÍsyslogd£¬ÎÒÈÔÈ»ÈÏΪËûÃDz»Ó¦ÔËÐÐÔÚrootÕË»§Ï¡£ ¶ÔÓÚsendmail£¬ÕâÒ²ÐíÊÇ¿ÉÄܵģ¬µ«ÎÒ·¢ÏÖÈÃËüÔËÐÐÔÚ·ÇrootÕË»§ÏÂÊǼ«ÆäÀ§Äѵģ¬ÖÁÉÙÎÒ»¹Ã»Óгɹ¦¹ý¡£ ÎÒÏ룬sendmail²»ÄÜÔËÐÐÔÚ·ÇrootÕË»§ÏÂÓ¦ÊÇÒ»¸öºÜÑÏÖصĴíÎó¡£ËäÈ»ÎÒÖªµÀÈÃËüÔËÐÐÔÚ·ÇrootÕË»§ÏºÜÀ§ÄÑ£¬ µ«ÎÒÈÏΪËùÓеÄÀ§ÄѶ¼ÊÇ¿ÉÒÔ½â¾öµÄ¡£Ö»Òª½â¾öÁËÎļþµÄÐí¿ÉȨÎÊÌ⣬ÎÒ¾õµÃsendmailÊDz»±ØÒÔrootȨÏÞÔËÐеġ£ Îҿ϶¨ÊǺöÂÔÁËʲô¶«Î÷£¬ÎÒ²»ÏàÐÅÕâЩÕÏ°­ÊDz»¿ÉÕ÷·þµÄ¡£

ÖÁÓÚsyslog£¬ÎÒ»¹Ã»ÓÐÊÔ¹ý£¬µ«ÎÒÈÏΪӦ¸ÃÒÔ·ÇrootÕË»§È¥¼Ç¼ÈÕÖ¾£¬ÎÒÏëÕâÓ¦¸ÃÊÇ¿ÉÐеġ£ ÖÁÉÙÎÒ¿ÉÒÔΪÿһ¸ö·þÎñÔÚchrootµÄ»·¾³Ï¼Ç¼ÈÕÖ¾¡£

ËùÓеķþÎñ¶¼ÒªÔËÐÐÔÚ·ÇrootÕË»§Ï£¬ÉõÖÁÊÇNFS¡£Çë¼Çס£¬ÊÇËùÓеķþÎñ¡£  

½¨Òé

 

½áÂÛ

ÎÒ¾õµÃ¶ÔËùÓеķþÎñÀ´Ëµchroot¶¼ÊÇÄÇô¿á£¬ÎÒÏ룬²»ÄÜÈÃËùÓеķþÎñ¶¼ÔËÐÐÔÚ·ÇrootÕË»§µÄchroot»·¾³ÏÂÓ¦¸ÃÊǸöºÜ´óµÄ´íÎó¡£ ÎÒÏ£ÍûÖ÷ÒªµÄ·¢ÐаæÓ¦¸Ã×öµ½ÕâÒ»µã£¬µ±È»£¬Ò²Ï£ÍûÆäËü·¢Ðаæ×öµ½¡£Mandrake ÒÔ¼æÈÝ RedHat Æð¼Ò²¢·¢Õ¹£¬Òò´Ë£¬ÈËÃÇ¿ÉÒÔ·ÂЧ Mandrake £¬ ÔÚÆäËûÈ˵Ļù´¡É϶Ôchroot½øÐÐÀ©Õ¹¡£ÎÒÈÏΪÕâÊÇ¿ÉÐеģ¬ÒòΪÔÚGNU/LinuxÀûÓÐʲô»á×èÖ¹ÄãÖØ×öÆäËûÈ˵Ť×÷¡£ Èç¹ûij¸ö¹«Ë¾ÏëchrootËùÓзþÎñ²¢ÎªÈËÃÇ´´½¨ÁËÒ»Ì×ÈÝÒ×¹ÜÀíchrootÁ˵ķþÎñµÄ»·¾³£¬ÄÇôËü¾ÍÓµÓÐÁËÒ»¸öÀíÏëµÄ·¢Ðа档 ¼Çס£¬LinuxÕýÇ÷ÏòÖ÷Á÷£¬ÈËÃDz»ÏëÔÙ¿´¼ûÃüÁîÐУ¬Òò´ËÈç¹ûÿ¼þʶ¼¿ÉÒÔÔÚguiµÄ»·¾³ÏÂÈ¥×ö£¬ÈËÃǾͲ»ÐèÒªÁ˽âÄÚ²¿µÄ¹¹Ô죬 ²¢ÇÒ²»ÐèÒªÖªµÀµ½µ×ÊÇʲôÔÚÔËÐУ¬ËûÃÇÖ»ÒªÄÜÅäÖò¢ÖªµÀÕâÊÇÐÐÖ®ÓÐЧµÄ¾ÍÐÐÁË¡£

ÎÒ¾ø¶ÔÖ§³ÖÈÃËùÓзþÎñ¶¼ÔËÐÐÔÚ·ÇrootȨÏÞµÄchrootµÄ»·¾³Ï£¬Èκβ»ÄÜ×öµ½ÕâÒ»µãµÄ·¢Ðа棬ÎÒ¶¼²»»á¿¼ÂÇÔÚÉú²ú»·¾³ÖÐʹÓÃËü¡£ ÎÒÕýʹËùÓеķþÎñ¶¼ÔËÐÐÔÚchroot»·¾³Ï£¬¾¡ÎҵĿÉÄÜʹԽÀ´Ô½¶àµÄ¶«Î÷ÕâÑùÔËÐÐ -- ×îÖÕ£¬ÎÒ»á´ïµ½ÎÒµÄÀíÏë¡£

ÎÒ´òËãΪchrootдһ¸öHOWTO¡£ÎÒÕý·¢ËÍÇëÇó£¬Ï£Íûij¸öÈËÄܹ»°ÑÎÒÕâƪÎÄÕÂת»»³ÉLyX¸ñʽ£¬ÒÔ±ãËü¿ÉÒԷŵ½LinuxµÃHOWTOÉÏ¡£  

²Î¿¼ÊéÄ¿

  1. ÈçÓб䶯£¬Çë¼ûhttp://www.gnujobs.com/Articles/23/chroot.html
 

¶ÔÕâƪÎÄÕ·¢±íÆÀÂÛ

ÿƪÎÄÕ¶¼Óи÷×Եķ´À¡Ò³Ãæ¡£ÔÚÕâ¸öÒ³ÃæÀÄú¿ÉÒÔÌá½»ÆÀÂÛ£¬Ò²¿ÉÒԲ鿴ÆäËû¶ÁÕßµÄÆÀÂÛ£º
 ·´À¡Ò³Ãæ 
Ö÷Ò³ÓÉLinuxFocus±à¼­×éά»¤
© Mark Nielsen, FDL
LinuxFocus.org
µã»÷ÕâÀïÏòLinuxFocus±¨¸æ´íÎó»òÌá³öÒâ¼û
 ·­ÒëÐÅÏ¢:
en --> -- : Mark Nielsen (homepage)
en --> zh: l3oL1u <c_liunix(at)hotmail.com>

2002-01-02, generated by lfparser version 2.23