Added setup_chroot.sh script

README.md

@@ -25,9 +25,9 @@ To get the latest mariadb version, you should follow these instructions to add t
 
 The following command will install all required packages:
 ```
-apt-get --no-install-recommends install apt-transport-tor aspell clamav-daemon clamav-freshclam clamav-milter composer curl dovecot-imapd dovecot-pop3d git dnsmasq haveged hunspell iptables locales-all logrotate mariadb-server nginx-light postfix postfix-mysql \
+apt-get --no-install-recommends install apt-transport-tor aspell clamav-daemon clamav-freshclam clamav-milter composer curl dovecot-imapd dovecot-pop3d git dnsmasq haveged hunspell iptables locales-all logrotate mariadb-server nano nginx-light postfix postfix-mysql \
 php7.3-bcmath php7.3-bz2 php7.3-cli php7.3-curl php7.3-dba php7.3-enchant php7.3-fpm php7.3-gd php7.3-gmp php7.3-imap php7.3-intl php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-pspell php7.3-readline php7.3-recode php7.3-soap php7.3-sqlite3 php7.3-tidy php7.3-xml php7.3-xmlrpc php7.3-xsl php7.3-zip \
-phpmyadmin php-apcu php-gnupg php-imagick quota quotatool sasl2-bin ssh subversion tor vsftpd && apt-get --no-install-recommends install adminer
+phpmyadmin php-apcu php-gnupg php-imagick quota quotatool rsync sasl2-bin ssh subversion tor unzip vim vsftpd wget zip && apt-get --no-install-recommends install adminer
 ```
 
 For optimum spell checking capabilities you can optionally install the following packages:

var/www/setup_chroot.sh

@@ -0,0 +1,200 @@
+#!/bin/bash
+
+export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"
+
+test "$1" != "" || (echo "Need path to chroot directory" && exit 1)
+
+### functions
+function CHROOT_BINARY() {
+    BINARY="$1"
+    if [ "$(echo $BINARY | grep -E '.*:.*')" != "" ]; then
+        BINARY="$(echo $BINARY | cut -d':' -f2)"
+    fi
+    LIB_FILES="$(ldd $BINARY | grep -v 'not a dynamic executable' | awk '{ print $3 }' | grep -E '^/(.*)' || echo)"
+    LDD_FILES="$(ldd $BINARY | grep -v 'not a dynamic executable' | grep 'ld-linux' | awk '{ print $1; }' || echo)"
+    if [ "$LIB_FILES" != "" ]; then
+        for LIB_FILE in $LIB_FILES; do
+            LIB_DIRECTORY="$(dirname $LIB_FILE)"
+            test -d $CHROOT_DIRECTORY$LIB_DIRECTORY || mkdir -pm 0555 $CHROOT_DIRECTORY$LIB_DIRECTORY
+            diff $LIB_FILE $CHROOT_DIRECTORY$LIB_FILE > /dev/null 2>&1 || cp $LIB_FILE $CHROOT_DIRECTORY$LIB_FILE
+            chmod 0555 $CHROOT_DIRECTORY$LIB_FILE
+        done
+    fi
+    if [ "$LDD_FILES" != "" ]; then
+        for LDD_FILE in $LDD_FILES; do
+            LDD_DIRECTORY="$(dirname $LDD_FILE)"
+            test -d $CHROOT_DIRECTORY$LDD_DIRECTORY || mkdir -pm 0555 $CHROOT_DIRECTORY${LDD_DIRECTORY}
+            diff $LDD_FILE $CHROOT_DIRECTORY$LDD_FILE > /dev/null 2>&1 || cp $LDD_FILE $CHROOT_DIRECTORY$LDD_FILE
+            chmod 0555 $CHROOT_DIRECTORY$LDD_FILE
+        done
+    fi
+    diff $BINARY $CHROOT_DIRECTORY/$BINARY > /dev/null 2>&1 || cp $BINARY $CHROOT_DIRECTORY/$BINARY
+    chmod 0555 $CHROOT_DIRECTORY/$BINARY
+}
+
+function CHROOT_FILE() {
+    diff $1 $CHROOT_DIRECTORY/$1 > /dev/null 2>&1 || cp $1 $CHROOT_DIRECTORY/$1
+}
+
+function CHROOT_DIRECTORY() {
+    test -d $CHROOT_DIRECTORY/$1 || mkdir -pm 0555 $CHROOT_DIRECTORY/$1
+    diff -r $1 $CHROOT_DIRECTORY/$1 > /dev/null 2>&1 || {
+        test ! -d $CHROOT_DIRECTORY/$1 || rm -rf $CHROOT_DIRECTORY/$1/ > /dev/null 2>&1
+        cp -Rp $1 $CHROOT_DIRECTORY/$1
+    }
+}
+
+### variables
+CHROOT_DIRECTORY=$1
+CHROOT_DIRECTORY_STRUCTURE=(
+    '/bin'
+    '/etc'
+    '/etc/default'
+    '/dev'
+    '/lib'
+    '/tmp'
+    '/usr'
+    '/usr/share'
+    '/usr/bin'
+    '/usr/lib'
+    '/usr/lib/openssh'
+    '/usr/sbin'
+    '/var'
+    '/var/run'
+)
+BINARIES_GENERAL=(
+    '/usr/lib/openssh/sftp-server'
+    '/bin/bash'
+    '/bin/sh'
+    '/usr/bin/env'
+    '/usr/bin/clear'
+    '/bin/date'
+    '/usr/bin/basename'
+    '/bin/ls'
+    '/bin/chmod'
+    '/bin/touch'
+    '/bin/mkdir'
+    '/bin/ln'
+    '/bin/rm'
+    '/bin/rmdir'
+    '/bin/cp'
+    '/bin/mv'
+    '/bin/cat'
+    '/bin/grep'
+    '/bin/egrep'
+    '/bin/fgrep'
+    '/bin/sed'
+    '/usr/bin/xargs'
+    '/usr/bin/head'
+    '/usr/bin/tr'
+    '/usr/bin/tail'
+    '/usr/bin/less'
+    '/usr/bin/tput'
+    '/usr/bin/sort'
+    '/bin/which'
+    '/usr/bin/find'
+    '/usr/bin/openssl'
+    '/bin/tar'
+    '/bin/gzip'
+    '/bin/gunzip'
+    '/usr/bin/zip'
+    '/usr/bin/unzip'
+    '/usr/bin/curl'
+    '/usr/bin/rsync'
+    '/usr/bin/wget'
+    '/usr/bin/php7.3'
+    '/usr/bin/mysql'
+    '/usr/bin/mysqldump'
+    '/usr/bin/mysqlcheck'
+    '/usr/bin/git'
+    '/usr/bin/git-receive-pack'
+    '/usr/bin/git-shell'
+    '/usr/bin/git-upload-archive'
+    '/usr/bin/git-upload-pack'
+    '/usr/sbin/nologin'
+    '/usr/bin/id'
+    '/bin/uname'
+    '/bin/nano'
+    '/usr/bin/vim'
+    '/usr/bin/vi'
+)
+FILES_GENERAL=(
+    '/etc/hosts'
+    '/etc/hostname'
+    '/etc/resolv.conf'
+    '/etc/nsswitch.conf'
+    '/etc/services'
+    '/etc/protocols'
+    '/etc/locale.alias'
+    '/etc/default/locale'
+    '/etc/localtime'
+    '/etc/profile'
+    '/etc/bash_completion'
+    '/etc/bash.bashrc'
+)
+DIRECTORIES_GENERAL=(
+    '/usr/lib/git-core'
+    '/usr/share/git-core'
+    '/usr/lib/locale'
+    '/usr/share/i18n'
+    '/etc/ssl'
+    '/usr/lib/ssl'
+    '/usr/share/ca-certificates'
+    '/usr/share/bash-completion'
+    '/etc/bash_completion.d'
+    '/usr/share/zoneinfo'
+    '/lib/terminfo'
+    '/usr/share/terminfo'
+    '/usr/lib/php'
+    '/etc/php/7.3/cli'
+    '/etc/php/7.3/mods-available'
+    '/etc/profile.d'
+)
+### test variables/parameters
+test "$CHROOT_DIRECTORY" != ""
+
+### init chroot directory
+mkdir -p $CHROOT_DIRECTORY
+chown root:www-data $CHROOT_DIRECTORY
+chmod 550 $CHROOT_DIRECTORY
+for DIRECTORY in ${CHROOT_DIRECTORY_STRUCTURE[@]}; do
+    mkdir -pm 0555 $CHROOT_DIRECTORY$DIRECTORY
+done
+chmod 777 $CHROOT_DIRECTORY/tmp
+# users and groups
+echo "root:x:0:0:root:/root:/bin/bash" > $CHROOT_DIRECTORY/etc/passwd
+echo "www-data:x:33:33::/var/www:/bin/bash" >> $CHROOT_DIRECTORY/etc/passwd
+echo "root:x:0:" > $CHROOT_DIRECTORY/etc/group
+echo "www-data:x:33:www-data" >> $CHROOT_DIRECTORY/etc/group
+# /dev devices
+test -e $CHROOT_DIRECTORY/dev/null      || mknod -m 666 $CHROOT_DIRECTORY/dev/null c 1 3
+test -e $CHROOT_DIRECTORY/dev/zero      || mknod -m 666 $CHROOT_DIRECTORY/dev/zero c 1 5
+test -e $CHROOT_DIRECTORY/dev/tty       || mknod -m 666 $CHROOT_DIRECTORY/dev/tty c 5 0
+test -e $CHROOT_DIRECTORY/dev/random    || mknod -m 644 $CHROOT_DIRECTORY/dev/random c 1 8
+test -e $CHROOT_DIRECTORY/dev/urandom	|| mknod -m 644 $CHROOT_DIRECTORY/dev/urandom c 1 9
+# copy general directories
+for DIRECTORY in ${DIRECTORIES_GENERAL[@]}; do
+    CHROOT_DIRECTORY $DIRECTORY
+done
+# copy general files
+for FILE in ${FILES_GENERAL[@]}; do
+    CHROOT_FILE $FILE
+done
+### copy shared libraries and binaries
+# general
+for BINARY in ${BINARIES_GENERAL[@]}; do
+    CHROOT_BINARY $BINARY
+done
+# git
+for BINARY in `find /usr/lib/git-core -type f`; do
+    CHROOT_BINARY $BINARY
+done
+# networking
+for BINARY in /lib/*/libnss_*; do
+    CHROOT_BINARY $BINARY
+done
+# php
+for BINARY in /usr/lib/php/*/*.so; do
+    CHROOT_BINARY $BINARY
+done
+diff $CHROOT_DIRECTORY/usr/bin/php7.3 $CHROOT_DIRECTORY/usr/bin/php > /dev/null 2>&1 || cp -r $CHROOT_DIRECTORY/usr/bin/php7.3 $CHROOT_DIRECTORY/usr/bin/php