Copyright (C) 2000-2012 |
GNU Info (am-utils.info)/tftpboot in a chroot-ed environment`/tftpboot' in a chroot-ed environment ====================================== In this complex example, we attempt to run an Amd process _inside_ a chroot-ed environment. `tftpd' (Trivial FTP) is used to trivially retrieve files used to boot X-Terminals, Network Printers, Network routers, diskless workstations, and other such devices. For security reasons, `tftpd' (and also `ftpd') processes are run using the chroot(2) system call. This provides an environment for these processes, where access to any files outside the directory where the chroot-ed process runs is denied. For example, if you start `tftpd' on your system with chroot /tftpboot /usr/sbin/tftpd then the `tftpd' process will not be able to access any files outside `/tftpboot'. This ensures that no one can retrieve files such as `/etc/passwd' and run password crackers on it. Since the TFTP service works by broadcast, it is necessary to have at least one TFTP server running on each subnet. If you have lots of files that you need to make available for `tftp', and many subnets, it could take significant amounts of disk space on each host serving them. A solution we implemented at Columbia University was to have every host run `tftpd', but have those servers retrieve the boot files from two replicated servers. Those replicated servers have special partitions dedicated to the many network boot files. We start Amd as follows: amd /tftpboot/.amd amd.tftpboot That is, Amd is serving the directory `/tftpboot/.amd'. The `tftp' server runs inside `/tftpboot' and is chroot-ed in that directory too. The `amd.tftpboot' map looks like: # # Amd /tftpboot directory -> host map # /defaults opts:=nosuid,ro,intr,soft;fs:=/tftpboot/import;type:=nfs tp host==lol;rfs:=/n/lol/import/tftpboot;type:=lofs \ host==ober;rfs:=/n/ober/misc/win/tftpboot;type:=lofs \ rhost:=ober;rfs:=/n/ober/misc/win/tftpboot \ rhost:=lol;rfs:=/n/lol/import/tftpboot To help understand this example, I list a few of the file entries that are created inside `/tftpboot': $ ls -la /tftpboot dr-xr-xr-x 2 root 512 Aug 30 23:11 .amd drwxrwsr-x 12 root 512 Aug 30 08:00 import lrwxrwxrwx 1 root 33 Feb 27 1997 adminpr.cfg -> ./.amd/tp/hplj/adminpr.cfg lrwxrwxrwx 1 root 22 Dec 5 1996 tekxp -> ./.amd/tp/xterms/tekxp lrwxrwxrwx 1 root 1 Dec 5 1996 tftpboot -> . Here is an explanation of each of the entries listed above: `.amd' This is the Amd mount point. Note that you do not need to run a separate Amd process for the TFTP service. The chroot(2) system call only protects against file access, but the same process can still serve files and directories inside and outside the chroot-ed environment, because Amd itself was not run in chroot-ed mode. `import' This is the mount point where Amd will mount the directories containing the boot files. The map is designed so that remote directories will be NFS mounted (even if they are already mounted elsewhere), and local directories are loopback mounted (since they are not accessible outside the chroot-ed `/tftpboot' directory). `adminpr.cfg' `tekxp' Two manually created symbolic links to directories _inside_ the Amd-managed directory. The crossing of the component `tp' will cause Amd to automount one of the remote replicas. Once crossed, access to files inside proceeds as usual. The `adminpr.cfg' is a configuration file for an HP Laser-Jet 4si printer, and the `tekxp' is a directory for Tektronix X-Terminal boot files. `tftpboot' This innocent looking symlink is important. Usually, when devices boot via the TFTP service, they perform the `get file' command to retrieve FILE. However, some devices assume that `tftpd' does not run in a chroot-ed environment, but rather "unprotected", and thus use a full pathname for files to retrieve, as in `get /tftpboot/file'. This symlink effectively strips out the leading `/tftpboot/'. automatically generated by info2www version 1.2.2.9 |