Author Topic: Bash script for running soldatserver in a chroot (tested on 64bit debian/ubuntu)  (Read 2414 times)

0 Members and 1 Guest are viewing this topic.

Offline jrgp

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 5036
Say you want to host a dozen or more Soldat servers, but absolutely don't want them interacting with each other or the user they're running as, while leaving shell_exec enabled. The issue, is that with shell_exec enabled, the soldat scripts *can* execute commands such as `pkill -9 soldatserver` and related to fuck up the other running soldat servers, or even worse.

The benefit of running the soldatserver in a chroot is that they don't have access to any binaries whatsoever, only have what they need to run, and can't interact with other soldatserver instances, even if they're all running as the same user.

Mount/chroot/server start script: http://jrgp.us/misc/soldatserver_chroot/chroot
Manual clean up script: http://jrgp.us/misc/soldatserver_chroot/unmount

Note, you need to be root to use the scripts because only root can use `mount --bind` and `chroot`. Example usage.

Step 1) Download the chroot and unmount script and put them somewhere. Edit the chroot script to put in your desired user/group to run the server as. (the server obviously isn't running as root; root is only needed for the chroot and mount commands)

Step 2)

# cd /home/soldat/servers/server1
# {PathToChrootScript}


Later if the above fails and you want to manually clear out bin, lib, lib32, etc:
# cd /home/soldat/servers/server1
# {PathToUnmountScript}


Important: you *must* manually cd into the soldat server folder before running either the chroot script or unmount script. If you run it while in "/", you may irreparably fuck your machine. If you don't have confidence that you know what you're doing, don't use the script. Or, if you're so inclined, feel free to add logic so it won't run if it's running with "/" as the current directory.

Furthermore, the script does not go into the background so it's probably best to run it in a screen session.

That said, comments/thoughts/whatevers are welcome.

Example command output:
Code: [Select]
joe@aeroplane:~$ ssh root@172.27.120.221
Last login: Tue Jan  3 05:39:11 2012 from 172.27.120.203
root@debve:~# cd /home/joe/soldat2/
root@debve:/home/joe/soldat2# sh chroot

             -= Soldat Dedicated Server 1.6.2 - 2.7.2 =-

----------------------------------------------------------------
       Caution! This software is still in BETA phase.
         Soldat Dedicated Server initializing...
----------------------------------------------------------------

   Need help running your server?
   IRC: #soldat.devs @ irc.quakenet.org

   ---> http://forums.soldat.pl/

   Additional parameters:
   ./soldatserver -p PORT -l MAXPLAYERS -k PASSWORD
   Example: ./soldatserver -p 23073 -l 16 -k "my pass"

Using Indy 9


 Hit CTRL+C to Exit
 Please command the server using the Soldat Admin program
Welcome to Soldat 1.6.2
 Server name: test
 Server PID: 6327
----------------------------------------------------------------
ctf_Ash by chakapoko maker
 Server IP: 127.0.0.1 Port: 23074
 Connection for file server started. Port: 23084
Registering server @ 67.23.118.186
Game server added to lobby server @ 67.23.118.186
^CServer Encountered an error:
Control-C hit
Shutting down server...
Shutting down FileServer...
Shutting down admin server...
root@debve:/home/joe/soldat2#

(If you kill 9 the chroot script and you have leftover gunk:)

Code: [Select]
root@debve:/home/joe/soldat2# sh unmount
root@debve:/home/joe/soldat2#
There are other worlds than these

Offline FliesLikeABrick

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 6144
    • Ultimate 13 Soldat
Very cool - if I start running scripting and shell_exec enabled servers for rentals again I'll definitely look to use something like this.  Start thinking about how this could be used with the U13 rentals control panel ;)

Offline Thomas

  • Major
  • *
  • Posts: 76
    • mnus.de
very nice although very simple, might come in handy some day :)

Offline jrgp

  • Administrator
  • Flamebow Warrior
  • *****
  • Posts: 5036
very nice although very simple, might come in handy some day :)

As einstein said, make things as simple as possible, but no simpler.
There are other worlds than these