# mknod for chroot ssh user



## l2f (Nov 30, 2010)

Hello,

I am trying to figure out how to create device nodes with mknod for my chroot ssh user, as written in man sshd_config:


> The ChrootDirectory must contain the necessary files and directories
> to support the user's session.  For an interactive session
> this requires at least a shell, typically sh(1), and basic /dev
> nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
> arandom(4) and tty(4) devices.


I try to create the device, but the manpage of mknod does not help:


> major   The major device number is an integer number which tells the kernel
> which device driver entry point to use.  To learn what major
> device number to use for a particular device, check
> /usr/src/sys/conf/majors


The file /usr/src/sys/conf/majors does not exist, and I have the src.

I am a little bit lost with mknod, devfs, etc.

Regards,

L2f


----------



## SirDice (Dec 1, 2010)

You don't need mknod, just mount devfs inside your chroot environment.


----------



## l2f (Dec 1, 2010)

Hello,

Great, but how do you do this, I try to chroot ssh: /home/chroot 

In fact, I did: `mknod null c 0 0 root:wheel; chmod guo+rw null`
The easiest way I find is to cp the /dev to my /home/chroot.

Thanks

l2f


----------



## SirDice (Dec 1, 2010)

`# mount -t devfs devfs /path/to/chroot/dev/`


----------
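An added example, not part of any post in this thread: a sketch of restricting the devfs mount suggested above so the chroot sees only the nodes the quoted sshd_config text asks for, plus a name-based audit that catches extra nodes such as those left by copying `/dev` into the chroot. The function names are hypothetical, and the allow-list is an assumption (the man page's list with FreeBSD's `random`/`urandom` in place of `arandom`).

```shell
#!/bin/sh
# Added example (not from the thread). ALLOWED is an assumption: the
# sshd_config(5) list quoted above, adapted to FreeBSD node names.
ALLOWED="null zero random urandom stdin stdout stderr fd tty"

is_allowed() {
    for a in $ALLOWED; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# Print the devfs(8) commands that mount devfs in the chroot, hide every
# node, then unhide only the allow-list. Review, then pipe to sh as root.
devfs_lockdown_cmds() {
    dev="${1%/}/dev"
    echo "mount -t devfs devfs $dev"
    echo "devfs -m $dev rule apply hide"
    for n in $ALLOWED; do
        echo "devfs -m $dev rule apply path $n unhide"
    done
    # stdin/stdout/stderr resolve through fd/, so its entries must be visible
    echo "devfs -m $dev rule apply path 'fd/*' unhide"
}

# List entries visible in <chroot>/dev that are not on the allow-list
# (for example disk or mem nodes from an unrestricted mount or a copied /dev).
# Compares names only; returns 1 if anything unexpected is found.
audit_chroot_dev() {
    dev="${1%/}/dev"
    extra=""
    for p in "$dev"/*; do
        [ -e "$p" ] || [ -L "$p" ] || continue
        name="${p##*/}"
        is_allowed "$name" || extra="$extra $name"
    done
    echo "${extra# }"
    [ -z "$extra" ]
}
```

Run `devfs_lockdown_cmds /home/chroot` to review the commands before applying them, and `audit_chroot_dev /home/chroot` afterwards to confirm nothing else is exposed.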



## da1 (Dec 1, 2010)

Or better yet, put:

```
jail_www_devfs_enable="YES"          # mount devfs in the jail
jail_www_devfs_ruleset="www_ruleset" # devfs ruleset to apply to jail
```
in your rc.conf and every time you power up the jail, it will have devfs automounted.

Handbook.


----------



## SirDice (Dec 1, 2010)

chroot != jail


----------



## Galactic_Dominator (Dec 1, 2010)

SirDice said:

> chroot != jail


Wrong, a chroot is very much equivalent to a jail except a jail has tools to manage it effectively plus a lot of other abilities.  You can easily create a method to spin up lightweight jails to take the place of where you would use chroot's in other OS's.


----------



## l2f (Dec 1, 2010)

Hello everyone,

Thank you so much for your answers, I use the chroot because I have to test in FreeBSD but I have to create it in AIX (in fact to help the sysadmin to do it), so I try to keep it simple.

Regards,

l2f


----------



## jalla (Dec 1, 2010)

Galactic_Dominator said:

> Wrong, a chroot is very much equivalent to a jail except a jail has tools to manage it effectively plus a lot of other abilities.  You can easily create a method to spin up lightweight jails to take the place of where you would use chroot's in other OS's.



I think the point was that jail_XXX variables in rc.conf do nothing for the OP.


----------



## SirDice (Dec 2, 2010)

Galactic_Dominator said:

> Wrong, a chroot is very much equivalent to a jail except a jail has tools to manage it effectively plus a lot of other abilities.


If it has different abilities it's not the same is it?


----------



## Galactic_Dominator (Dec 2, 2010)

SirDice said:

> If it has different abilities it's not the same is it?


Of course a jail has all the abilities of a chroot, anyone who has used one knows that.  That means a jail can do WHATEVER a chroot can plus additional abilities like VNET, extended sysctl's, an rc framework to support automation, etc.  About the only time you wouldn't consider using jail over a chroot is when cross-platform is required or a super-simple quick filesystem isolation.  Since the OP hadn't made that clear earlier, da1's suggestion was a good one.


----------



## SirDice (Dec 2, 2010)

Take a marathon runner, a sprinter and me. According to your definition we're all the same because all three of us can run. However the sprinter will suck doing a marathon, the marathon runner will suck doing the 100m and I will suck doing either of them. Because we have different capabilities we are, by definition, not the same.


----------



## DutchDaemon (Dec 2, 2010)

Shall I take an apple or an orange. Or even a pear?


----------

