Welcome! Log In Create A New Profile


Re: getpwnam issue

January 12, 2011 04:09PM
chadmiko Wrote:
> I have seemingly solved this issue. I failed to
> copy /lib/libnsl.so.1 into my chroot /lib folder
> but have added it and I can start nginx using the
> start-stop-daemon command with the --chroot flag;
> strace is a life-saver.
> In case anyone else goes down this road in the
> future, you can strace your start-stop-daemon call
> to a chrooted nginx as follows:
> # start-stop-daemon --start --pidfile $PIDFILE
> --exec $DAEMON --chroot $CHRDIR --startas
> /usr/bin/strace -- -f -o /tmp/$NAME.strace
> where...
> $PIDFILE = path/to/nginx/pid
> $DAEMON = /usr/sbin/nginx
> $CHRDIR = /chroot/nginx (or your chroot dir)
> $NAME = nginx
> make sure you copy /usr/bin/strace into
> $CHRDIR/usr/bin/ else the above command will fail
> (don't forget to remove it after you've debugged
> everything).
> strace will be output to $CHRDIR/tmp/$NAME.strace.
> This is how I was able to determine what libraries
> I needed.

Thanks for the tip! I too was having trouble with chroot'ing nginx on Ubuntu Lucid 10.04 LTS, and that strace led me to the missing libs.

To make this easier, I wrote a script based on many tips from Vivek Gite's blog, mainly this post: http://www.cyberciti.biz/faq/howto-run-nginx-in-a-chroot-jail/ , and I've released it on Github in hopes it will help others:


I've included the nginx init.d script updated to launch nginx chrooted. It also creates a new, password-locked nginx user with the home directory set to the chroot directory. I've only tested it with an Ubuntu 64-bit minimal installation on my VPS, so feel free to comment or submit patches on Github!


Subject Author Posted

getpwnam issue

chadmiko January 04, 2011 03:43PM

Re: getpwnam issue

chadmiko January 04, 2011 05:52PM

Re: getpwnam issue

doublerebel January 12, 2011 04:09PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 67
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready