Chroot and installing Debian inside base Linux
Installing a Linux system inside another Linux system, giving a user access to it through ssh, and still providing some services through the main server is a very specific requirement, and an interesting one to have in your admin skills.
I assume you will be installing the app my_webapp__1 through YunoHost, which gives an empty container for PHP use. If you want to try this on a normal Debian system, you must have a web server installed, such as Nginx or Apache, a folder and a user that has access to that folder, and an ssh server to connect remotely.
If your installation is ready, go to step 2. Assume my_webapp__1 is your folder and user. Change the names according to your configuration.
- Install my_webapp on YunoHost.
# yunohost app install https://github.com/YunoHost-Apps/my_webapp_ynh/
- Remove the forced sftp for the app from ssh
# nano /etc/ssh/sshd_config
Remove ForceCommand internal-sftp for my_webapp__1, or whatever your my_webapp instance number is.
- Allow the user to have ssh permission by adding the line
- Restart ssh
# service ssh restart
- Install debootstrap.
# apt-get install debootstrap
- Install the OS of your choice in the chroot directory.
# debootstrap stable /var/www/my_webapp__1 http://deb.debian.org/debian/
- You can log in as root on the newly installed OS with chroot
# chroot /var/www/my_webapp__1
- Install the required packages, like ssh and sudo
# apt-get install ssh sudo
- Exit the chroot
- The uid of the user should be the same in the real OS and in the chroot OS. So we give the chroot my_webapp__1 user the real OS uid of my_webapp__1 after creating it.
# cat /etc/passwd
Check the uid of my_webapp__1 and copy it.
Log in to the chroot directory again as in step 7 and create a user my_webapp__1 in the chroot OS.
# adduser my_webapp__1
Give it the same password as the real OS user.
- Make the chroot OS uid the same as the real OS uid by copying the uid from the real OS to the chroot OS.
# nano /etc/passwd
Copy the uid to the my_webapp__2
- Now you can ssh to the chroot folder with the my_webapp__1 user.
$ ssh email@example.com
Enter the password and you will be in a shell as the my_webapp__1 user of the chroot OS.
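The uid step above can be checked without reading /etc/passwd by eye. The script below is an added example, not part of the original post: the function names and the sample passwd entries are made up for illustration, and it goes one step further than the text by flagging the case where the host uid is already held by another account inside the chroot.

```shell
#!/bin/sh
# Added example: compare a user's UID in the host and chroot passwd files.

# uid_of FILE USER: print USER's UID from a passwd-format FILE; fail if absent.
uid_of() {
    awk -F: -v u="$2" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$1"
}

# owner_of_uid FILE UID: print the first account in FILE that holds UID.
owner_of_uid() {
    awk -F: -v id="$2" '$3 == id { print $1; exit }' "$1"
}

# check_uid HOST_PASSWD CHROOT_PASSWD USER
# Prints match, mismatch, collision or missing; returns 0 only on match.
check_uid() {
    host_uid=$(uid_of "$1" "$3") || { echo missing; return 2; }
    jail_uid=$(uid_of "$2" "$3") || { echo missing; return 2; }
    if [ "$host_uid" = "$jail_uid" ]; then echo match; return 0; fi
    # If another chroot account already holds the host UID, copying it into
    # the chroot /etc/passwd would leave two accounts sharing one UID.
    if [ -n "$(owner_of_uid "$2" "$host_uid")" ]; then echo collision; return 1; fi
    echo mismatch; return 1
}

# Constructed sample passwd files (UIDs are made up, not from a real system).
write_samples() {
    root='root:x:0:0:root:/root:/bin/bash'
    printf '%s\n' "$root" \
        'my_webapp__1:x:996:996::/var/www/my_webapp__1:/bin/bash' > "$1/host"
    # Chroot right after adduser: the account got the next free UID.
    printf '%s\n' "$root" \
        'my_webapp__1:x:1000:1000:,,,:/home/my_webapp__1:/bin/bash' > "$1/fresh"
    # Chroot after the host UID was copied over.
    printf '%s\n' "$root" \
        'my_webapp__1:x:996:1000:,,,:/home/my_webapp__1:/bin/bash' > "$1/fixed"
    # Chroot where a different account already uses UID 996.
    printf '%s\n' "$root" 'other:x:996:996::/nonexistent:/usr/sbin/nologin' \
        'my_webapp__1:x:1000:1000:,,,:/home/my_webapp__1:/bin/bash' > "$1/taken"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in fresh fixed taken; do
    echo "$f: $(check_uid "$tmp/host" "$tmp/$f" my_webapp__1)"
done
rm -rf "$tmp"
```

On the real system, run it from the host as check_uid /etc/passwd /var/www/my_webapp__1/etc/passwd my_webapp__1.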
Sometimes my_webapp__1 will require root privileges. For this you can either give my_webapp__2 root privileges or log in as root with su. Another way is to let the user run sudo without a password and with root access by editing /etc/sudoers.
Log in as root in the chroot again as in step 7 and give the user sudo privileges.
# nano /etc/sudoers
Add this line under "Allow members of group sudo to execute any command"
my_webapp__1 ALL=(ALL) NOPASSWD: ALL
Now you can ssh to the chroot with ssh firstname.lastname@example.org and run any command that requires sudo.