From 13badf0063511219246cca7b5d40f10598aca665 Mon Sep 17 00:00:00 2001
From: Petr Baudis
Date: Wed, 7 Nov 2007 14:56:06 +0100
Subject: [PATCH] Elaborate chroot content
---
 README | 73 +++++++++++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 54 insertions(+), 19 deletions(-)
diff --git a/README b/README
index 0ddd149..8fa084a 100644
--- a/README
+++ b/README 
@@ -20,25 +20,60 @@ This is how the push access is provided:
 The whole setup is confined in a chroot with its own instance of sshd running. The chroot looks like:
- /bin/sh
- /bin/git-shell
- /bin/git-upload-pack
- /bin/git-receive-pack
- /bin/git-rev-list
- /bin/git-pack-objects
- /bin/git-unpack-objects
- /bin/git-update-server-info
- /bin/git-repack
- /sbin/sshd
- /dev/randomstuff
- /lib/randomstuff
- /var/empty
- /var/run/mob
- /srv/git/...
- /etc/group
- /etc/passwd
- /etc/sshkeys/*
- /etc/ssh/randomstuff
+drwxr-xr-x root repo /
+drwxr-xr-x root repo /bin
+------x--x root repo /bin/sh
+------x--x root root /bin/git-index-pack
+------x--x root root /bin/git-pack-objects
+------x--x root root /bin/git-receive-pack
+------x--x root root /bin/git-repack
+------x--x root root /bin/git-rev-list
+------x--x root root /bin/git-shell
+------x--x root root /bin/git-unpack-objects
+------x--x root root /bin/git-update-server-info
+------x--x root root /bin/git-upload-pack
+drwxr-xr-x root repo /sbin
+---x------ root repo /sbin/sshd
+drwxr-xr-x root repo /lib
+-r-xr-xr-x root repo /lib/libwrap.so.0
+-r-xr-xr-x root repo /lib/libpam.so.0
+-r-xr-xr-x root repo /lib/libresolv.so.2
+-r-xr-xr-x root repo /lib/libcrypto.so.0.9.7
+-r-xr-xr-x root repo /lib/libutil.so.1
+-r-xr-xr-x root repo /lib/libz.so.1
+-r-xr-xr-x root repo /lib/libnsl.so.1
+-r-xr-xr-x root repo /lib/libcrypt.so.1
+-r-xr-xr-x root repo /lib/libpthread.so.0
+-r-xr-xr-x root repo /lib/libc.so.6
+-r-xr-xr-x root repo /lib/ld-linux.so.2
+-r-xr-xr-x root repo /lib/libnss_compat.so.2
+-r-xr-xr-x root repo /lib/libgcc_s.so.1
+-r-xr-xr-x root repo /lib/libdl.so.2
+drwxrwsr-x repo repo /etc
+-rw-rw-r-- www-data repo /etc/passwd
+-rw-rw-r-- www-data repo /etc/group
+drwxr-x--- root repo /etc/ssh
+-rw-r--r-- root repo /etc/ssh/moduli
+-rw------- root repo /etc/ssh/ssh_host_rsa_key
+-rw-r--r-- root repo /etc/ssh/ssh_host_rsa_key.pub
+-rw------- root repo /etc/ssh/ssh_host_dsa_key
+-rw-r--r-- root repo 
/etc/ssh/ssh_host_dsa_key.pub
+-rw-r--r-- root repo /etc/ssh/sshd_config
+drwxrwsr-x repo repo /etc/sshkeys
+drwxrwsr-x pasky repo /srv/git
+drwxr-xr-x root repo /var
+drwxr-xr-x root root /var/run
+drwxr-xr-x root repo /var/run/sshd
+---------- 65538 root /var/run/mob
+-rw-r--r-- root root /var/run/sshd.pid
+drwxr-xr-x root root /srv
+drwxr-xr-x root root /dev
+crw-rw-rw- root root /dev/null
+crw-rw-rw- root root /dev/zero
+crw-rw-rw- root root /dev/random
+cr--r--r-- root root /dev/urandom
+srw-rw-rw- root root /dev/log
+lrwxrwxrwx root root /usr -> .
 There is a (non-chroot) system user 'repo' and a group of the same name (the webserver is member of the group; TODO: suexec). The files in /etc are owned
-- 
2.11.4.GIT