
First of all, I read all the chroot questions I could find on the net and on Superuser. Basically they all cover running a 32bit app running on 64bit host and so on.

I want to have an isolated system in total chroot (running lighttpd, mysql, ssh, etc. from there). (For security reasons I have to isolate the dev from the live one.) So I installed the chroot environment, mounted all the necessary things and chrooted in. Everything went fine. Edited /etc/ssh/sshd_config to use port 22222 instead of 22. Used service ssh start then. It says service running but if I try this: ssh -p 22222 localhost I get "Connection refused". The chrooted system is very minimal so far so there is no firewall, hosts.allow/deny or anything.

ANY ideas are welcome.

PS: The chroot environment will be a development area as I already mentioned. I thought chroot is the easiest way but if you say KVM is better or something I can go for it. The machine is easily capable of running even 10 VMs.

Used howtos:
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=6
https://help.ubuntu.com/community/BasicChroot
http://www.gentoo.org/proj/en/base/amd64/howtos/index.xml?part=1&chap=2
http://ubuntuforums.org/showthread.php?t=248724

1 Answer

Running a development environment in a chroot on the live environment is an awful idea. It doesn't meet your requirement of isolating the development environment from the live environment at all. All it takes is a tiny mistake to kill the live server process instead of the development server, or make the development server listen on port 22 or 80.

You can run a development environment as a chroot on a developer machine, but it's harder than configuring a virtual machine. The only reason I can see not to use a VM is if your hardware is too ancient to run a VM comfortably, which you say is not the case. A VM gives you a standalone networking environment (so you can test services on their real ports, with their real firewall), a standalone process environment (so you know how much memory you really need, and how much CPU you really need), etc.

Ideally, if performance permits it, both the live environment and the development environment would be running inside VMs, using the same VM technology. This will make deployment as low-risk as can be.
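As an added example (not code from the question or the answer) of the point above that a chroot shares the host's network stack and process table: this Python script parses `ss -ltnp` output, reads `/proc/<pid>/root` to tell chrooted processes from host ones, and flags any chrooted listener that sits on a port a live service owns. The `ss` invocation, the live-port set and the sample data are assumptions.

```python
"""Flag listening sockets owned by chrooted processes that collide with live ports."""
import os
import re
import subprocess

# Ports the live (host) services must keep for themselves; assumed for this example.
LIVE_PORTS = {22, 80, 3306}

_PID_RE = re.compile(r'pid=(\d+)')
_PORT_RE = re.compile(r':(\d+)$')  # port suffix of 0.0.0.0:22, [::]:80 or *:22222

# Constructed sample of `ss -ltnp` output (not captured from any real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:22222       0.0.0.0:*         users:(("sshd",pid=4310,fd=3))
LISTEN 0      128    [::]:80             [::]:*            users:(("lighttpd",pid=4322,fd=4))
"""
# Constructed /proc/<pid>/root results: 812 is the host sshd, the other two run in the chroot.
SAMPLE_ROOTS = {812: '/', 4310: '/srv/devchroot', 4322: '/srv/devchroot'}


def parse_ss_listeners(text):
    """Return (port, pid) pairs from `ss -ltnp` output; header and lines without a pid are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != 'LISTEN':
            continue
        m_port, m_pid = _PORT_RE.search(fields[3]), _PID_RE.search(fields[5])
        if m_port and m_pid:
            listeners.append((int(m_port.group(1)), int(m_pid.group(1))))
    return listeners


def process_root(pid, proc='/proc'):
    """Root directory of a process as the kernel sees it; anything other than '/' means chrooted."""
    try:
        return os.readlink(os.path.join(proc, str(pid), 'root'))
    except OSError:
        return None  # process exited, or we lack permission to read its root link


def find_conflicts(listeners, roots, live_ports=LIVE_PORTS):
    """Return (port, pid, root) for chrooted listeners bound to a live port."""
    return [(port, pid, roots[pid]) for port, pid in listeners
            if roots.get(pid) not in (None, '/') and port in live_ports]


if __name__ == '__main__':
    out = subprocess.run(['ss', '-ltnp'], capture_output=True, text=True, check=True).stdout
    found = parse_ss_listeners(out)
    roots = {pid: process_root(pid) for _, pid in found}
    for port, pid, root in find_conflicts(found, roots):
        print(f'port {port}: pid {pid} listens from chroot {root} on a live service port')
```

Run as root so `ss` can show process names and the `/proc/<pid>/root` links are readable; with the constructed sample, only the chrooted lighttpd on port 80 is reported, while the chrooted sshd on 22222 is not.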

  • The live environment is running all day and we don't really have a chance to install VM stuff on it. As far as we can do it, we'd like to use chroot... could you help with the problem? Please..
    – Apache
    Commented Aug 12, 2010 at 17:32
  • @Shiki: Setting up a chroot is harder and riskier than a VM. As you say in your question, I am saying "KVM is better" (except I'm not expressing an opinion on KVM vs some other VM technology). Putting your live environment in a VM is just icing on the cake, the important thing is to put the development environment in a separate network and process context, i.e., a VM (or different physical machine of course). I don't know why your chrooted sshd is not working as you want; and that, for me, is already an argument against a chroot. Commented Aug 12, 2010 at 18:38
  • The stuff so far. I've used VMWare since XEN and KVM needed network setting modifications which I don't really want. It s..ks seriously. I'll try installing KVM or something because VMWare is the worst since it became free (the server product..that is).
    – Apache
    Commented Aug 14, 2010 at 6:56
  • @Shiki: I've heard several independent opinions that VirtualBox was easier to use than VMWare. I've used VirtualBox and setting up simple networking (one NAT interface plus one host-only interface) was straightforward. I have no experience to relate on KVM. Commented Aug 14, 2010 at 9:18
  • Hmm.. VirtualBox.. not a bad idea. I'll try it out. Thanks!
    – Apache
    Commented Aug 14, 2010 at 16:34
