SSH for my_webapp and installing chroot os with the help of debootstrap

I needed a lot of commands under the chroot jail, along with SSH support. So I installed debootstrap and installed Debian stable inside the chroot folder, that is, my_webapp__1. This way a virtual environment was created for developing the app, completely separate from YunoHost. Here are the steps I followed. If something can be improved or done in a better way, please don’t hesitate to improve this.

  1. Install my_webapp on YunoHost.
    # yunohost app install https://github.com/YunoHost-Apps/my_webapp_ynh/

  2. Remove the forced SFTP for the app from the SSH configuration.
    # nano /etc/ssh/sshd_config
    Remove ForceCommand internal-sftp from the my_webapp__1 entry.

  3. Allow the user to have SSH permission by adding the line AllowUsers my_webapp__1

  4. Restart ssh
    # service ssh restart

  5. Install debootstrap. Read more about chroot and debootstrap here
    # apt-get install debootstrap

  6. Install the OS of your choice in the chroot directory.
    # debootstrap stable /var/www/my_webapp__1 http://deb.debian.org/debian/

  7. You can log in as root in the newly installed OS with chroot.
    # chroot /var/www/my_webapp__1

  8. Install the required packages, such as ssh and sudo.
    # apt-get install ssh sudo

  9. Exit the chroot
    # exit

  10. The uid of the user must be the same in the real OS (YunoHost) and in the chroot OS. So we give the uid of my_webapp__1 (real OS, YunoHost) to my_webapp__1 (chroot OS).
    Get the uid of my_webapp__1 from the real OS (YunoHost).
    # cat /etc/passwd
    Look up the uid of my_webapp__1 and copy it.
    Log in to the chroot directory again as in step 7 and create a user my_webapp__1 in the chroot OS.
    # adduser my_webapp__1
    Give it the same password as the real OS (YunoHost) user.

  11. Give the chroot OS user the same uid by copying the uid from the real OS (YunoHost) to the chroot OS.
    Use the uid of my_webapp__1 copied from the real OS (YunoHost).
    # nano /etc/passwd
    Paste the uid into the my_webapp__1 entry.

  12. Now you can ssh into the chroot folder as the my_webapp__1 user.
    Try it:
    $ ssh my_webapp__1@domain.tld
    Enter the password and you will be in a shell as the my_webapp__1 user of the chroot OS.

Sometimes my_webapp__1 will require root privileges. For this you can either give my_webapp__1 root privileges or log in as root with su. Another way is to let the user run sudo without a password and with root access by editing /etc/sudoers.
Log in to the chroot as root as in step 7 again and give the user sudo privileges.
# nano /etc/sudoers
Add this line under "Allow members of group sudo to execute any command":
my_webapp__1 ALL=(ALL) NOPASSWD: ALL

Now you can ssh into the chroot with ssh my_webapp__1@domain.tld and run any command that requires sudo.
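
A check for steps 10 and 11, added here as an example and not part of the original post: it compares the uid of my_webapp__1 in the host passwd file with the one in the chroot's passwd file, and also reports when the pasted uid already belongs to another account inside the chroot. The function names, the temporary files and the uid 995 are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm steps 10-11 left my_webapp__1 with the same uid in
# the host passwd file and in the chroot's passwd file.

# uid_of FILE USER: print USER's uid from a passwd-format file; fail if absent.
uid_of() {
    awk -F: -v u="$2" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$1"
}

# uid_clash FILE UID USER: print other accounts in FILE that already use UID.
uid_clash() {
    awk -F: -v id="$2" -v u="$3" '$3 == id && $1 != u { print $1 }' "$1"
}

# check_uid_match HOST_PASSWD CHROOT_PASSWD USER
# returns 0 = same uid, 1 = different uid, 2 = user missing, 3 = uid reused
check_uid_match() {
    host_uid=$(uid_of "$1" "$3") || { echo "$3 missing in $1" >&2; return 2; }
    jail_uid=$(uid_of "$2" "$3") || { echo "$3 missing in $2" >&2; return 2; }
    clash=$(uid_clash "$2" "$host_uid" "$3")
    if [ -n "$clash" ]; then
        echo "uid $host_uid already used in $2 by: $clash" >&2
        return 3
    fi
    if [ "$host_uid" != "$jail_uid" ]; then
        echo "mismatch: host uid=$host_uid, chroot uid=$jail_uid" >&2
        return 1
    fi
    echo "ok: $3 has uid $host_uid on both sides"
}

# Constructed sample data (not real YunoHost files), so this runs offline.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'my_webapp__1:x:995:995::/var/www/my_webapp__1:/bin/bash' > "$demo/host"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'my_webapp__1:x:1000:1000:,,,:/home/my_webapp__1:/bin/bash' > "$demo/jail_before"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'my_webapp__1:x:995:1000:,,,:/home/my_webapp__1:/bin/bash' > "$demo/jail_after"

# State after step 10 (adduser picked its own uid), then after step 11.
check_uid_match "$demo/host" "$demo/jail_before" my_webapp__1 ||
    echo "-> edit the chroot /etc/passwd entry as in step 11"
check_uid_match "$demo/host" "$demo/jail_after" my_webapp__1 || echo "-> still wrong"
# Real system: check_uid_match /etc/passwd /var/www/my_webapp__1/etc/passwd my_webapp__1
```

Editing /etc/passwd by hand does not change the ownership of files adduser already created in the chroot home directory, so those keep the old uid until they are chowned.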
