Move chroot creation to jailkit

etc/jailkit/jk_init.ini

@@ -0,0 +1,175 @@
+[uidbasics]
+# this section probably needs adjustment on 64bit systems
+# or non-Linux systems
+comment = common files for all jails that need user/group information
+paths = /lib/libnsl.so.*, /lib64/libnsl.so.*, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.*, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.*, /lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.*, /etc/nsswitch.conf, /etc/ld.so.conf
+# Solaris needs 
+# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf
+
+[netbasics]
+comment = common files for all jails that need any internet connectivity
+paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
+# on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure
+
+[logbasics]
+comment = timezone information and log sockets
+paths = /etc/localtime
+need_logsocket = 1
+# Solaris does not need logsocket
+# but needs 
+# devices = /dev/log, /dev/conslog
+
+[jk_lsh]
+comment = Jailkit limited shell
+paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
+users = root
+groups = root
+includesections = uidbasics, logbasics
+
+[limitedshell]
+comment = alias for jk_lsh
+includesections = jk_lsh
+
+[cvs]
+comment = Concurrent Versions System
+paths = cvs
+devices = /dev/null
+
+[git]
+comment = Fast Version Control System
+paths = /usr/bin/git*, /usr/lib/git-core, /usr/share/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
+includesections = editors, perl
+
+[scp]
+comment = ssh secure copy
+paths = scp
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[sftp]
+comment = ssh secure ftp
+paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+# on solaris 
+#paths = /usr/lib/ssh/sftp-server
+
+[ssh]
+comment = ssh secure shell
+paths = ssh
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/tty, /dev/null
+
+[rsync]
+paths = rsync
+includesections = netbasics, uidbasics
+
+[procmail]
+comment = procmail mail delivery
+paths = procmail, /bin/sh
+devices = /dev/null
+
+[basicshell]
+comment = bash based shell with several basic utilities
+paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
+users = root
+groups = root
+includesections = uidbasics
+
+[interactiveshell]
+comment = for ssh access to a full shell
+includesections = uidbasics, basicshell, terminfo, editors, extendedshell
+
+[midnightcommander]
+comment = Midnight Commander
+paths = mc, mcedit, mcview, /usr/share/mc
+includesections = basicshell, terminfo
+
+[extendedshell]
+comment = bash shell including things like awk, bzip, tail, less
+paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
+includesections = basicshell, midnightcommander, editors
+
+[terminfo]
+comment = terminfo databases, required for example for ncurses or vim 
+paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo
+
+[editors]
+comment = vim, joe and nano
+includesections = terminfo
+paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim
+
+[netutils]
+comment = several internet utilities like wget, ftp, rsync, scp, ssh
+paths = wget, lynx, ftp, host, rsync, smbclient
+includesections = netbasics, ssh, sftp, scp
+
+[apacheutils]
+comment = htpasswd utility
+paths = htpasswd
+
+[extshellplusnet]
+comment = alias for extendedshell + netutils + apacheutils
+includesections = extendedshell, netutils, apacheutils
+
+[openvpn]
+comment = jail for the openvpn daemon
+paths = /usr/sbin/openvpn
+users = root,nobody
+groups = root,nogroup
+#includesections = netbasics
+devices = /dev/urandom, /dev/random, /dev/net/tun
+includesections = netbasics, uidbasics
+need_logsocket = 1
+
+[apache]
+comment = the apache webserver, very basic setup, probably too limited for you
+paths = /usr/sbin/apache
+users = root, www-data
+groups = root, www-data
+includesections = netbasics, uidbasics
+
+[perl]
+comment = the perl interpreter and libraries
+paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
+
+[xauth]
+comment = getting X authentication to work
+paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
+
+[xclients]
+comment = minimal files for X clients
+paths = /usr/X11R6/lib/X11/rgb.txt
+includesections = xauth
+
+[vncserver]
+comment = the VNC server program
+paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
+includesections = xclients
+
+[ping]
+comment = Ping program
+paths_w_setuid = /bin/ping
+
+#[xterm]
+#comment = xterm
+#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
+#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
+
+[php]
+comment = the php interpreter and libraries
+paths = /usr/bin/php*, composer, /usr/bin/phar*, env, /usr/lib/php, /usr/share/php, /usr/share/php*, /usr/share/zoneinfo, /usr/share/ca-certificates, /etc/ssl/certs, /usr/lib/ssl/certs, /etc/localtime
+includesections = netbasics
+
+[locales]
+comment = all translations
+paths = /usr/lib/locale, /usr/share/i18n, /etc/default/locale, /etc/locale.alias
+
+[custom_hosting]
+comment = custom giftGRÜN configuration
+includesections = php, git, netutils, interactiveshell, locales
+devices = /dev/zero, /dev/random
+paths = base32, base64, basenc, brotli, cksum, comm, csplit, curl, dirname, dir, expand, expr, factor, fmt, fold, gpg, id, install, join, link, mysql, mysqldump, mysqlcheck, nl, nohup, numfmt, od, openssl, paste, pr, printenv, printf, ptx, readlink, realpath, seq, sha1sum, sha224sum, sha256sum, sha384sum, sha512sum, shred, shuf, split, stat, stdbuf, sum, test, tee, timeout, tput, truncate, tsort, unexpand, uniq, unlink, unxz, unzip, vdir, which, xargs, xz, zip, zopfli, nologin, /etc/bash_completion, /etc/bash_completion.d, /usr/share/bash-completion, /etc/profile.d, /etc/ld.so.conf.d, /etc/hostname
+emptydirs = /var/run/mysqld, /tmp
+users = root, www-data
+groups = root, www-data

install_binaries.sh

@@ -6,18 +6,18 @@ export LANG=C.UTF-8
 export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
 # install all required packages
 DEBIAN_FRONTEND=noninteractive apt-get update
-DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y apt-transport-tor bash-completion bind9 brotli bzip2 ca-certificates clamav-daemon clamav-freshclam curl dovecot-imapd dovecot-lmtpd dovecot-pop3d git hardlink haveged iptables libio-socket-ip-perl libnginx-mod-http-brotli libnginx-mod-stream libsasl2-modules locales locales-all logrotate lsb-release mariadb-server nano nginx postfix postfix-mysql quota quotatool redis rspamd rsync ssh tor unzip util-linux vim wget xz-utils zip zopfli
+DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y apt-transport-tor bash-completion bind9 brotli bzip2 ca-certificates clamav-daemon clamav-freshclam curl dovecot-imapd dovecot-lmtpd dovecot-pop3d git hardlink haveged iptables jailkit libio-socket-ip-perl libnginx-mod-http-brotli libnginx-mod-stream libsasl2-modules locales locales-all logrotate lsb-release mariadb-server nano nginx postfix postfix-mysql quota quotatool redis rspamd rsync ssh tor unzip util-linux vim wget xz-utils zip zopfli
 # build dependencies
-DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y autoconf automake bison g++ gcc ghostscript gnupg libaom-dev `apt-cache search --names-only 'libargon2(-0)?-dev' | awk '{print $1;}' | head -n1` binutils-dev libbrotli-dev libbz2-dev libc-client2007e-dev libcurl4-openssl-dev libdjvulibre-dev libedit-dev `apt-cache search --names-only 'libenchant(-2)?-dev' | awk '{print $1;}' | head -n1` libffi-dev `apt-cache search --names-only libfreetype6?-dev | awk '{print $1;}' | head -n1` libfftw3-dev libfribidi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libgraphviz-dev libgs-dev libharfbuzz-dev libheif-dev libjbig-dev libjbig2dec0-dev libjxl-dev libkrb5-dev libldap2-dev liblmdb-dev liblqr-1-0-dev libmariadb-dev libonig-dev libopenexr-dev libopenjp2-7-dev libpango1.0-dev libpng-dev libpspell-dev libqdbm-dev libraqm-dev libraw-dev libreadline-dev librsvg2-dev libsasl2-dev libsodium-dev libssh2-1-dev libssl-dev libsqlite3-dev libsystemd-dev libtidy-dev libtool libwebp-dev libwmf-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev libzstd-dev make poppler-utils re2c zlib1g-dev
+DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y autoconf automake bison g++ gcc ghostscript gnupg libaom-dev $(apt-cache search --names-only 'libargon2(-0)?-dev' | awk '{print $1;}' | head -n1) binutils-dev libbrotli-dev libbz2-dev libc-client2007e-dev libcurl4-openssl-dev libdjvulibre-dev libedit-dev $(apt-cache search --names-only 'libenchant(-2)?-dev' | awk '{print $1;}' | head -n1) libffi-dev $(apt-cache search --names-only libfreetype6?-dev | awk '{print $1;}' | head -n1) libfftw3-dev libfribidi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libgraphviz-dev libgs-dev libharfbuzz-dev libheif-dev libjbig-dev libjbig2dec0-dev libjxl-dev libkrb5-dev libldap2-dev liblmdb-dev liblqr-1-0-dev libmariadb-dev libonig-dev libopenexr-dev libopenjp2-7-dev libpango1.0-dev libpng-dev libpspell-dev libqdbm-dev libraqm-dev libraw-dev libreadline-dev librsvg2-dev libsasl2-dev libsodium-dev libssh2-1-dev libssl-dev libsqlite3-dev libsystemd-dev libtidy-dev libtool libwebp-dev libwmf-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev libzstd-dev make poppler-utils re2c zlib1g-dev
 
 # install nvm
-curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 export NVM_DIR="$HOME/.nvm"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
 
 # install nodejs
 nvm install node --latest-npm --default
-for old_version in `nvm ls --no-alias --no-colors | grep -v '\->' | awk '{print $1;}'`; do nvm uninstall $old_version; done
+for old_version in $(nvm ls --no-alias --no-colors | grep -v '\->' | awk '{print $1;}'); do nvm uninstall "$old_version"; done
 nvm cache clear
 
 #install yarn
@@ -54,11 +54,11 @@ if [ ! -e msgpack-php ]; then
 fi
 cd ../..
 
-export PROC_LIMIT=`free -g | grep Mem | awk -v nproc=$(nproc) '{print (($2 + 1) < nproc) ? ($2 + 1) : nproc;}'`
+export PROC_LIMIT=$(free -g | grep Mem | awk -v nproc=$(nproc) '{print (($2 + 1) < nproc) ? ($2 + 1) : nproc;}')
 #start build
 cd ImageMagick
 git fetch --all
-git checkout 7.1.1-36
+git checkout 7.1.1-37
 CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure --without-perl --without-magick-plus-plus --disable-openmp --with-fftw --with-gslib --with-gvc --with-rsvg --with-wmf
 make -j $PROC_LIMIT install
 make distclean

var/www/setup_chroot.sh

@@ -1,334 +1,33 @@
 #!/bin/bash
+set -e
 
 export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
 
 test "$1" != "" || { echo "Need path to chroot directory"; exit 1; }
 
-ALL_LIB_DIRECTORIES=()
-ALL_LIB_FILES=()
-
-### functions
-function CHROOT_BINARY() {
-    BINARY="$(which $1)"
-    if [ "$BINARY" == "" ]; then
-        return;
-    fi
-    if [ "$(echo $BINARY | grep -E '.*:.*')" != "" ]; then
-        BINARY="$(echo $BINARY | cut -d':' -f2)"
-    fi
-    LIB_FILES="$(ldd $BINARY 2>&1 | grep -v 'not a dynamic executable' | awk '{ print $3 }' | grep -E '^/(.*)' || echo)"
-    LDD_FILES="$(ldd $BINARY 2>&1 | grep -v 'not a dynamic executable' | grep 'ld-linux' | awk '{ print $1; }' || echo)"
-    if [ "$LIB_FILES" != "" ]; then
-        for LIB_FILE in $LIB_FILES; do
-            ADD_LIB $LIB_FILE
-        done
-    fi
-    if [ "$LDD_FILES" != "" ]; then
-        for LDD_FILE in $LDD_FILES; do
-            ADD_LIB $LDD_FILE
-        done
-    fi
-    BINARY_DIRECTORY="$(dirname $BINARY)"
-    mkdir -pm 0555 $CHROOT_DIRECTORY$BINARY_DIRECTORY
-    cp $BINARY $CHROOT_DIRECTORY$BINARY
-    chmod 0555 $CHROOT_DIRECTORY$BINARY
-}
-
-function ADD_LIB() {
-    LIB_DIRECTORY="$(dirname $1)"
-    if [[ ! "${ALL_LIB_DIRECTORIES[@]}" =~ "$LIB_DIRECTORY" ]]; then
-        ALL_LIB_DIRECTORIES=(${ALL_LIB_DIRECTORIES[@]} "$LIB_DIRECTORY")
-    fi
-    if [[ ! "${ALL_LIB_FILES[@]}" =~ "$1" ]]; then
-        ALL_LIB_FILES=(${ALL_LIB_FILES[@]} "$1")
-    fi
-}
-
-function CHROOT_LIBRARIES() {
-    for DIRECTORY in ${ALL_LIB_DIRECTORIES[@]}; do
-        mkdir -pm 0555 $CHROOT_DIRECTORY$DIRECTORY
-    done
-    for FILE in ${ALL_LIB_FILES[@]}; do
-        cp $FILE $CHROOT_DIRECTORY$FILE
-        chmod 0555 $CHROOT_DIRECTORY$FILE
-    done
-}
-
 ### variables
 CHROOT_DIRECTORY=$1
-CHROOT_DIRECTORY_STRUCTURE=(
-    '/etc'
-    '/etc/default'
-    '/dev'
-    '/tmp'
-    '/usr'
-    '/usr/share'
-    '/usr/share/bash-completion'
-    '/usr/share/bash-completion/completions'
-    '/usr/bin'
-    '/usr/lib'
-    '/usr/lib/openssh'
-    '/usr/sbin'
-    '/var'
-    '/var/run'
-    '/var/run/mysqld'
-)
-CHROOT_DIRECTORY_TO_CLEAN=(
-    '/bin'
-    '/lib'
-    '/usr/bin'
-    '/usr/lib'
-    '/usr/sbin'
-)
-BINARIES_GENERAL=(
-    '['
-    'awk'
-    'base32'
-    'base64'
-    'basename'
-    'basenc'
-    'bash'
-    'brotli'
-    'bzip2'
-    'cat'
-    'chmod'
-    'cksum'
-    'clear'
-    'comm'
-    'composer'
-    'cp'
-    'csplit'
-    'curl'
-    'cut'
-    'date'
-    'dd'
-    'dirname'
-    'dir'
-    'du'
-    'echo'
-    'egrep'
-    'env'
-    'expand'
-    'expr'
-    'factor'
-    'false'
-    'fgrep'
-    'find'
-    'fmt'
-    'fold'
-    'git'
-    'git-receive-pack'
-    'git-shell'
-    'git-upload-archive'
-    'git-upload-pack'
-    'gpg'
-    'grep'
-    'gunzip'
-    'gzip'
-    'head'
-    'id'
-    'install'
-    'join'
-    'less'
-    'link'
-    'ln'
-    'ls'
-    'md5sum'
-    'mkdir'
-    'mktemp'
-    'mv'
-    'mysql'
-    'mysqldump'
-    'mysqlcheck'
-    'nano'
-    'nl'
-    'nohup'
-    'numfmt'
-    'od'
-    'openssl'
-    'paste'
-    'php8.1'
-    'php8.2'
-    'pr'
-    'printenv'
-    'printf'
-    'ptx'
-    'pwd'
-    'readlink'
-    'realpath'
-    'rm'
-    'rmdir'
-    'rsync'
-    'scp'
-    'sed'
-    'seq'
-    'sftp'
-    'sh'
-    'sha1sum'
-    'sha224sum'
-    'sha256sum'
-    'sha384sum'
-    'sha512sum'
-    'shred'
-    'shuf'
-    'sleep'
-    'sort'
-    'split'
-    'ssh'
-    'stat'
-    'stdbuf'
-    'sum'
-    'tac'
-    'tail'
-    'tar'
-    'test'
-    'tee'
-    'timeout'
-    'touch'
-    'tput'
-    'tr'
-    'true'
-    'truncate'
-    'tsort'
-    'uname'
-    'unexpand'
-    'uniq'
-    'unlink'
-    'unxz'
-    'unzip'
-    'vdir'
-    'vi'
-    'vim'
-    'wc'
-    'wget'
-    'which'
-    'xargs'
-    'xz'
-    'zip'
-    'zopfli'
-    'nologin'
-)
-FILES_GENERAL=(
-    '/etc/hosts'
-    '/etc/hostname'
-    '/etc/resolv.conf'
-    '/etc/nsswitch.conf'
-    '/etc/services'
-    '/etc/protocols'
-    '/etc/locale.alias'
-    '/etc/default/locale'
-    '/etc/localtime'
-    '/etc/profile'
-    '/etc/bash_completion'
-    '/etc/bash.bashrc'
-    '/usr/share/bash-completion/bash_completion'
-    '/usr/share/bash-completion/completions/alias'
-    '/usr/share/bash-completion/completions/bind'
-    '/usr/share/bash-completion/completions/bzip2'
-    '/usr/share/bash-completion/completions/compgen'
-    '/usr/share/bash-completion/completions/complete'
-    '/usr/share/bash-completion/completions/curl'
-    '/usr/share/bash-completion/completions/declare'
-    '/usr/share/bash-completion/completions/export'
-    '/usr/share/bash-completion/completions/find'
-    '/usr/share/bash-completion/completions/function'
-    '/usr/share/bash-completion/completions/git'
-    '/usr/share/bash-completion/completions/gzip'
-    '/usr/share/bash-completion/completions/id'
-    '/usr/share/bash-completion/completions/kill'
-    '/usr/share/bash-completion/completions/mysql'
-    '/usr/share/bash-completion/completions/openssl'
-    '/usr/share/bash-completion/completions/pwd'
-    '/usr/share/bash-completion/completions/rsync'
-    '/usr/share/bash-completion/completions/scp'
-    '/usr/share/bash-completion/completions/sh'
-    '/usr/share/bash-completion/completions/sftp'
-    '/usr/share/bash-completion/completions/tar'
-    '/usr/share/bash-completion/completions/typeset'
-    '/usr/share/bash-completion/completions/wget'
-    '/etc/ld.so.conf'
-)
-DIRECTORIES_GENERAL=(
-    '/usr/lib/git-core'
-    '/usr/share/git-core'
-    '/usr/lib/locale'
-    '/usr/share/i18n'
-    '/etc/ssl'
-    '/usr/lib/ssl'
-    '/usr/share/ca-certificates'
-    '/etc/bash_completion.d'
-    '/usr/share/zoneinfo'
-    '/lib/terminfo'
-    '/usr/share/terminfo'
-    '/usr/lib/php'
-    '/etc/profile.d'
-    '/etc/ld.so.conf.d'
-)
 ### test variables/parameters
 test "$CHROOT_DIRECTORY" != ""
 
 if [ "$2" != "" ]; then
-    CHROOT_BINARY $2
+    jk_cp -j "$CHROOT_DIRECTORY" -k "$2"
-    CHROOT_LIBRARIES
-    ldconfig -r $CHROOT_DIRECTORY
     echo "copied extra binary $2";
     exit 0;
 fi
 
 ### init chroot directory
-mkdir -p $CHROOT_DIRECTORY
+if [[ -d "$CHROOT_DIRECTORY/bin" ]]; then
-chown root:www-data $CHROOT_DIRECTORY
+    chown root:root "$CHROOT_DIRECTORY"
-chmod 550 $CHROOT_DIRECTORY
+    chmod 555 "$CHROOT_DIRECTORY"
-for DIRECTORY in ${CHROOT_DIRECTORY_TO_CLEAN[@]}; do
+    jk_update -j "$CHROOT_DIRECTORY" -k /bin /lib /usr
-    rm -rf $CHROOT_DIRECTORY$DIRECTORY
+else
-done
+    mkdir -p "$CHROOT_DIRECTORY"
-ln -s usr/bin $CHROOT_DIRECTORY/bin
+    chown root:root "$CHROOT_DIRECTORY"
-ln -s usr/lib $CHROOT_DIRECTORY/lib
+    chmod 555 "$CHROOT_DIRECTORY"
-for DIRECTORY in ${CHROOT_DIRECTORY_STRUCTURE[@]}; do
+    jk_init -j "$CHROOT_DIRECTORY" -k custom_hosting
-    mkdir -pm 0555 $CHROOT_DIRECTORY$DIRECTORY
+    chmod 777 "$CHROOT_DIRECTORY/tmp"
-done
+    echo "export HOME=/" > "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh"
-chmod 777 $CHROOT_DIRECTORY/tmp
+    echo "export HISTFILE=/.bash_history" >> "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh"
-# users and groups
+    echo 'export PATH="$PATH:/.composer/vendor/bin"' >> "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh"
-echo "root:x:0:0:root:/root:/bin/bash" > $CHROOT_DIRECTORY/etc/passwd
+fi
-echo "www-data:x:33:33::/var/www:/bin/bash" >> $CHROOT_DIRECTORY/etc/passwd
-echo "root:x:0:" > $CHROOT_DIRECTORY/etc/group
-echo "www-data:x:33:www-data" >> $CHROOT_DIRECTORY/etc/group
-
-# /dev devices
-test -e $CHROOT_DIRECTORY/dev/null      || mknod -m 666 $CHROOT_DIRECTORY/dev/null c 1 3
-test -e $CHROOT_DIRECTORY/dev/zero      || mknod -m 666 $CHROOT_DIRECTORY/dev/zero c 1 5
-test -e $CHROOT_DIRECTORY/dev/tty       || mknod -m 666 $CHROOT_DIRECTORY/dev/tty c 5 0
-test -e $CHROOT_DIRECTORY/dev/random    || mknod -m 644 $CHROOT_DIRECTORY/dev/random c 1 8
-test -e $CHROOT_DIRECTORY/dev/urandom	|| mknod -m 644 $CHROOT_DIRECTORY/dev/urandom c 1 9
-# copy general directories
-for DIRECTORY in ${DIRECTORIES_GENERAL[@]}; do
-    rm -rf $CHROOT_DIRECTORY$DIRECTORY
-    cp -Rp $DIRECTORY $CHROOT_DIRECTORY$DIRECTORY
-done
-echo "export HOME=/" > $CHROOT_DIRECTORY/etc/profile.d/hosting.sh
-echo "export HISTFILE=/.bash_history" >> $CHROOT_DIRECTORY/etc/profile.d/hosting.sh
-echo 'export PATH="$PATH:/.composer/vendor/bin"' >> $CHROOT_DIRECTORY/etc/profile.d/hosting.sh
-# copy general files
-for FILE in ${FILES_GENERAL[@]}; do
-    cp $FILE $CHROOT_DIRECTORY$FILE
-done
-### copy shared libraries and binaries
-# general
-for BINARY in ${BINARIES_GENERAL[@]}; do
-    CHROOT_BINARY $BINARY
-done
-# git
-for BINARY in `find /usr/lib/git-core -type f`; do
-    CHROOT_BINARY $BINARY
-done
-# networking
-for LIB in /lib/*/libnss_*; do
-    ADD_LIB $LIB
-done
-# php
-for LIB in /usr/lib/php/*/*.so; do
-    ADD_LIB $LIB
-done
-CHROOT_LIBRARIES
-ldconfig -r $CHROOT_DIRECTORY
-ln -f $CHROOT_DIRECTORY/usr/bin/php8.2 $CHROOT_DIRECTORY/usr/bin/php