Chrooting AOLserver on Solaris, without Oracle * Make an appropriate nsadmin-sitename directory with an AOLserver install * Since it'll be running with /home/nsadmin-sitename hoisted up as /, you'll need to copy some stuff into here so that system calls and shared libraries can find their moving parts: = mkdir /home/nsadmin-sitename/etc = mkdir /home/nsadmin-sitename/dev = mkdir /home/nsadmin-sitename/tmp = mkdir -p /home/nsadmin-sitename/var/tmp = mkdir -p /home/nsadmin-sitename/usr/lib = mkdir -p /home/nsadmin-sitename/usr/ucblib = copy /etc/passwd to /home/nsadmin-sitename/etc/passwd, and edit it down to just nsadmin = make an /home/nsadmin-sitename/etc/nsswitch.conf that has in it: passwd: files = in the /home/nsadmin-sitename/dev directory, do (as root) # mknod /home/nsadmin-sitename/dev/zero c 13 12 # mknod /home/nsadmin-sitename/dev/null c 13 2 (you may want to ls -l /dev/zero and /dev/null and chase any symlinks to see if your system has a different major/minor device numbers) (the solaris threads library wants /dev/zero, and AOLserver wants /dev/null) = cp /etc/lib/nss_files.so.1 /home/nsadmin-sitename/usr/lib (for getpwnam) [a hard link might work for these guys] = cp /usr/ucblib/libucb.so.1 /home/nsadmin-sitename/usr/ucblib = cp /usr/lib/libelf.so.1 /home/nsadmin-sitename/usr/lib (for nssock) * Put the stuff you'd ordinarly put in /web into /home/nsadmin-sitename/web, and put a symlink to there into /web so that folks can find that directory to do site development. /home/nsadmin-sitename/web should include parameters, tcl, and www directories * If you need any unix commands (say you're doing an exec ls from Tcl), you'll need to copy those into /home/nsadmin-sitename/usr/bin. * Edit the sitename.ini: [ns/parameters] Home=/ auxConfigDir=/web/parameters log=sitename-error.log [ns/server/sitename] pageRoot=/web/www [ns/server/sitename/tcl] library=/web/tcl [ns/server/sitename/module/nslog] file=/log/sitename.log [ns/server/sitename/module/nsssl] CertFile=/servers/cert.pem KeyFile=/servers/key.pem ; or wherever the cert/key files are kept * Run AOLserver with "-R /home/nsadmin-sitename" in addition to other parameters. (you have to run it as root, even if you're just testing things on high ports) -------------------------------------------------- Chrooting AOLserver on Solaris, with Oracle I haven't actually tried this yet, since it looks like it involves moving all of the oracle stuff under /home/nsadmin-sitename as well. I'll see if I can get this working on my Linux box before I screw up gs.arsdigita.com. * If the Oracle driver needs any shared libs when loading, there should be a message in the server.log like this: Warning: Load of '/bin/ora8.so' failed: ld.so.1: bin/nsd: fatal: libm.so.1: open failed: No such file or directory In which case do a find from / looking for libm.so.1, and copy that into /home/nsadmin-sitename/usr/lib * copy all of the oracle jazz from /ora8/* to /home/nsadmin-sitename? -------------------------------------------------- Chrooting AOLserver on HP * It craps out on startup, saying that 'nsamdin is not a valid user name'. This means that there's some moving piece that's not being found. HP doesn't have the nifty 'truss' command to show what system calls are being made and what files are being opened, so tracking this one down will require a call to HP support, and I want to wait until we need to do it on HP before burning the time.