chroot & httpd

[-Dolphin-]

Проблема такая.

Скопировал все что нужно для httpd в /chroot/httpd/ (все библиотеки, conf, var, usr и тд)

Остановил httpd
Поправил /etc/init.d/httpd - приписал гед надо было /chroot/httpd
Старнтанул httpd - все ок, без ошибок.
Смотрю ps aux
юзер apache - httpd
то есть как и было раньше.
Ради эксперимента делаю mv /etc/www /etc/www2
Перезапускаю httpd: пишет:

service httpd restart
Stopping httpd: [ OK ]
Starting httpd: Syntax error on line 268 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
Понятно что сервис httpd использует /etc/httpd/conf/httpd.conf а надо чтобы /chroot/httpd/etc/httpd/conf/httpd.conf
Куда копать ?

[SatanaClause]

как песочницу делаем?

[-Dolphin-]

[root@test /]# service httpd stop
Stopping httpd: [ OK ]


[root@test /]# mkdir -p /chroot/httpd/dev
[root@test /]# mkdir -p /chroot/httpd/lib
[root@test /]# mkdir -p /chroot/httpd/etc
[root@test /]# mkdir -p /chroot/httpd/var/www
[root@test /]# mkdir -p /chroot/httpd/tmp
[root@test /]# chmod 777 /chroot/httpd/tmp/
[root@test /]# chmod +t /chroot/httpd/tmp/
[root@test /]# mkdir -p /chroot/httpd/usr/lib
[root@test /]# mkdir -p /chroot/httpd/usr/sbin
[root@test /]# mkdir -p /chroot/httpd/var/log
[root@test /]# mkdir -p /chroot/httpd/var/run
[root@test /]# mkdir -p /chroot/httpd/usr/lib/httpd/modules

[root@test /]# cp -R /var/www /chroot/httpd/var
[root@test /]# cp -R /etc/httpd /chroot/httpd/etc
[root@test /]# cp -R /var/log/httpd/ /chroot/httpd/var/log
[root@test /]# cp /usr/sbin/httpd /chroot/httpd/usr/sbin/
[root@test /]# mknod /chroot/httpd/dev/null c 1 3
[root@test /]# chmod 666 /chroot/httpd/dev/null
[root@test /]# cp -R /usr/lib/httpd/modules /chroot/httpd/usr/lib/httpd/


[root@test /]# ldd /chroot/httpd/usr/sbin/httpd
libssl.so.4 => /lib/libssl.so.4 (0x0082b000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00142000)
libgssapi_krb5.so.2 => /usr/kerberos/lib/libgssapi_krb5.so.2 (0x00dd9000)
libkrb5.so.3 => /usr/kerberos/lib/libkrb5.so.3 (0x00e86000)
libcom_err.so.3 => /usr/kerberos/lib/libcom_err.so.3 (0x00807000)
libk5crypto.so.3 => /usr/kerberos/lib/libk5crypto.so.3 (0x00111000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00b91000)
libz.so.1 => /usr/lib/libz.so.1 (0x00410000)
libpcre.so.0 => /lib/libpcre.so.0 (0x00f24000)
libpcreposix.so.0 => /usr/lib/libpcreposix.so.0 (0x00540000)
libaprutil-0.so.0 => /usr/lib/libaprutil-0.so.0 (0x003e9000)
libdb-4.1.so => /lib/libdb-4.1.so (0x00233000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x002f5000)
libapr-0.so.0 => /usr/lib/libapr-0.so.0 (0x00580000)
librt.so.1 => /lib/tls/librt.so.1 (0x003b9000)
libm.so.6 => /lib/tls/libm.so.6 (0x00af5000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x00c05000)
libnsl.so.1 => /lib/libnsl.so.1 (0x00abc000)
libdl.so.2 => /lib/libdl.so.2 (0x00dce000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x009b1000)
libc.so.6 => /lib/tls/libc.so.6 (0x005e2000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x005cc000)


[root@test /]# cp /lib/libssl.so.4 /chroot/httpd/lib/
[root@test /]# cp /lib/libcrypto.so.4 /chroot/httpd/lib/
[root@test /]# mkdir -p /chroot/httpd/usr/kerberos/lib
[root@test /]# cp /usr/kerberos/lib/libgssapi_krb5.so.2 /chroot/httpd/usr/kerberos/lib/
[root@test /]# cp /usr/kerberos/lib/libkrb5.so.3 /chroot/httpd/usr/kerberos/lib/
[root@test /]# cp /usr/kerberos/lib/libcom_err.so.3 /chroot/httpd/usr/kerberos/lib/
[root@test /]# cp /usr/kerberos/lib/libk5crypto.so.3 /chroot/httpd/usr/kerberos/lib/
[root@test /]# cp /lib/libresolv.so.2 /chroot/httpd/lib/
[root@test /]# cp /usr/lib/libz.so.1 /chroot/httpd/usr/lib/
[root@test /]# cp /lib/libpcre.so.0 /chroot/httpd/lib/
[root@test /]# cp /usr/lib/libpcreposix.so.0 /chroot/httpd/usr/lib/
[root@test /]# cp /usr/lib/libaprutil-0.so.0 /chroot/httpd/usr/lib/
[root@test /]# cp /lib/libdb-4.1.so /chroot/httpd/lib/
[root@test /]# cp /usr/lib/libexpat.so.0 /chroot/httpd/usr/lib/
[root@test /]# cp /usr/lib/libapr-0.so.0 /chroot/httpd/usr/lib/
[root@test /]# mkdir -p /chroot/httpd/lib/tls
[root@test /]# cp /lib/tls/librt.so.1 /chroot/httpd/lib/tls/
[root@test /]# cp /lib/tls/libm.so.6 /chroot/httpd/lib/tls/
[root@test /]# cp /lib/libcrypt.so.1 /chroot/httpd/lib/
[root@test /]# cp /lib/libnsl.so.1 /chroot/httpd/lib/
[root@test /]# cp /lib/libdl.so.2 /chroot/httpd/lib/
[root@test /]# cp /lib/tls/libpthread.so.0 /chroot/httpd/lib/tls/
[root@test /]# cp /lib/tls/libc.so.6 /chroot/httpd/lib/tls/
[root@test /]# cp /lib/ld-linux.so.2 /chroot/httpd/lib/


[root@test /]# cp /etc/passwd /chroot/httpd/etc/
[root@test /]# cp /etc/group /chroot/httpd/etc/

passwd: www:x:88:88:Apache Server:/home/www:/bin/false
group: www:x:88:

[root@test /]# cp /etc/resolv.conf /chroot/httpd/etc/
[root@test /]# cp /etc/localtime /chroot/httpd/etc/
[root@test /]# cp /etc/hosts /chroot/httpd/etc/

mcedit /etc/init.d/httpd-test

. /etc/init.d/functions
. /etc/sysconfig/network

if [ -f /etc/sysconfig/httpd ] ; then
. /etc/sysconfig/httpd
fi

INITLOG_ARGS=""

[ ${NETWORKING} = "no" ] && exit 0


[ -f /chroot/httpd/usr/sbin/httpd ] || exit 0

apachectl=/usr/sbin/apacheclt1
httpd=/usr/sbin/httpd

RETVAL=0
prog="httpd"

start() {
echo -n $"Starting $prog: "
/usr/sbin/chroot /chroot/httpd /usr/sbin/httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
return $RETVAL
}

stop() {
echo -n $"Shuting down $prog: "
kill -TERM 'cat /chroot/httpd/var/run/httpd.pid'
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd
/var/run/httpd.pid
return $RETVAL
}

case "$1" in
start)
start
;;
stop)
stop
;;
status)
status /chroot/httpd/usr/sbin/httpd
RETVAL=$?
;;
restart)
stop
start
REVTAL=$?
;;
*)
echo $"Usage: $0 {start|stop|stauts|restart}"
exit 1
esac
exit $RETVAL



[root@test /]# service httpd-test start
Startin httpd: /usr/sbin/httpd: error while loading shared libraries: libgssapi_krb5.so.2: cannot open shared object file: No such file or directory

Хотя libgssapi_krb5.so.2 в /chroot/httpd/usr/kerberos/lib/ как и требовалось через ldd

[-Dolphin-]

Ладно я библиотеки все добавил в /chroot/httpd/lib
Вот новая проблема:

[root@test /]# service httpd-test start
Startin httpd: Syntax error on line 6 of /etc/httpd/conf.d/authz_ldap.conf:
Cannot load /chroot/httpd/etc/httpd/modules/mod_authz_ldap.so into server: /chroot/httpd/etc/httpd/modules/mod_authz_ldap.so: cannot open shared object file: No such file or directory

Смотрел /etc/httpd/conf.d/authz_ldap.conf
я так понимаю там надо указать директорию к модулю но никак не мойму что )

вот что у меня там:

LoadModule authz_ldap_module /chroot/httpd/etc/httpd/modules/mod_authz_ldap.so

[SatanaClause]

если сказано "No such file or directory" значит No such file or directory. Проверяйте файло

[perf]

Ладно я библиотеки все добавил в /chroot/httpd/lib
Вот новая проблема:

[root@test /]# service httpd-test start
Startin httpd: Syntax error on line 6 of /etc/httpd/conf.d/authz_ldap.conf:
Cannot load /chroot/httpd/etc/httpd/modules/mod_authz_ldap.so into server: /chroot/httpd/etc/httpd/modules/mod_authz_ldap.so: cannot open shared object file: No such file or directory

Смотрел /etc/httpd/conf.d/authz_ldap.conf
я так понимаю там надо указать директорию к модулю но никак не мойму что )

вот что у меня там:

LoadModule authz_ldap_module /chroot/httpd/etc/httpd/modules/mod_authz_ldap.so

В конфигах ставь нормальные пути как и были т.е без /chroot/httpd <- это становится корнем ..

(Апач начинает искать путь [Cannot load /chroot/httpd/etc/httpd/modules/mod_authz_ldap.so] внутри "песочницы" и естественно его не находит)

(LoadModule authz_ldap_module /etc/httpd/modules/mod_authz_ldap.so)

[-Dolphin-]

Ок с модулями я разобрался, теперь все модули в клетке.

Вот какая проблема:
[root@test /]# groupadd -g 49 www
[root@test /]# useradd -u 49 -g 49 -s /sbin/nologin -M -r -d /var/www www

[root@test /]# service httpd-test start
Startin httpd: httpd: bad user name www


/chroot/httpd/etc/httpd/conf/httpd.conf :
user www
group www

/etc/httpd/conf/httpd.conf
user www
group www

[murder]

Ок с модулями я разобрался, теперь все модули в клетке.

Вот какая проблема:
[root@test /]# groupadd -g 49 www
[root@test /]# useradd -u 49 -g 49 -s /sbin/nologin -M -r -d /var/www www

[root@test /]# service httpd-test start
Startin httpd: httpd: bad user name www


/chroot/httpd/etc/httpd/conf/httpd.conf :
user www
group www

/etc/httpd/conf/httpd.conf
user www
group www

смотри в сторону /lib

Код: Выделить всё

murder@server:/$ ls -la /chroot/apache/lib/
итого 1980
drwxr-xr-x  2 root sys     4096 2006-04-13 14:08 ./
drwxr-xr-x  8 root sys     4096 2006-03-28 03:26 ../
-rwxr-xr-x  1 root sys    99790 2005-09-11 02:05 ld-2.3.5.so*
lrwxrwxrwx  1 root sys       11 2006-03-28 03:26 ld-linux.so.2 -> ld-2.3.5.so*
-rwxr-xr-x  1 root sys  1340373 2005-09-11 02:05 libc-2.3.5.so*
-rwxr-xr-x  1 root sys    25168 2005-09-11 02:05 libcrypt-2.3.5.so*
lrwxrwxrwx  1 root sys       17 2006-03-28 03:26 libcrypt.so.1 -> libcrypt-2.3.5.so*
lrwxrwxrwx  1 root sys       13 2006-03-28 03:26 libc.so.6 -> libc-2.3.5.so*
-rwxr-xr-x  1 root sys    13126 2005-09-11 02:05 libdl-2.3.5.so*
lrwxrwxrwx  1 root sys       14 2006-03-28 03:26 libdl.so.2 -> libdl-2.3.5.so*
-rwxr-xr-x  1 root sys   176353 2005-09-11 02:05 libm-2.3.5.so*
lrwxrwxrwx  1 root sys       13 2006-03-28 03:26 libm.so.6 -> libm-2.3.5.so*
-rwxr-xr-x  1 root sys    92507 2005-09-11 02:05 libnsl-2.3.5.so*
lrwxrwxrwx  1 root sys       15 2006-03-28 03:26 libnsl.so.1 -> libnsl-2.3.5.so*
-rwxr-xr-x  1 root sys   21024 2005-09-11 02:05 libnss_dns-2.3.5.so*
lrwxrwxrwx  1 root sys      19 2006-04-13 14:08 libnss_dns.so.2 -> libnss_dns-2.3.5.so*
-rwxr-xr-x  1 root sys    41351 2005-09-11 02:05 libnss_files-2.3.5.so*
lrwxrwxrwx  1 root sys       21 2006-03-28 03:26 libnss_files.so.2 -> libnss_files-2.3.5.so*
-rwxr-xr-x  1 root sys    80929 2006-03-28 03:26 libpthread-0.10.so*
lrwxrwxrwx  1 root sys       18 2006-03-28 03:26 libpthread.so.0 -> libpthread-0.10.so*
-rwxr-xr-x  1 root sys    73805 2005-09-11 02:05 libresolv-2.3.5.so*
lrwxrwxrwx  1 root sys       18 2006-03-28 03:26 libresolv.so.2 -> libresolv-2.3.5.so*

[-Dolphin-]

то есть по смыслу все библиотеки должны принадлежать root:sys или пользователю www от которого я запускаю клетку для апача ?

[murder]

имхо оч нежелательно, чтобы системные файлы принадлежали пользователю www, у меня он имеет права только на /var/log/apache для логов) и /var/run. Все остальное под root:sys.
а на счет твоей ошибки, у меня просто было тоже самое, пока я не скопировал недостающие библиотеки в /lib ничего не заработало, поэтому и выложил тебе свой вариант

[perf]

Ок с модулями я разобрался, теперь все модули в клетке.

Вот какая проблема:
[root@test /]# groupadd -g 49 www
[root@test /]# useradd -u 49 -g 49 -s /sbin/nologin -M -r -d /var/www www

[root@test /]# service httpd-test start
Startin httpd: httpd: bad user name www


/chroot/httpd/etc/httpd/conf/httpd.conf :
user www
group www

/etc/httpd/conf/httpd.conf
user www
group www

/etc/passwd скопировал в "Песочницу" ?

что "говорит" команда (grep www /chroot/httpd/etc/passwd) ?

{
если нету файла то копируй
grep www /etc/passwd > /chroot/httpd/etc/passwd
grep www /etc/group > /chroot/httpd/etc/group
}

[SatanaClause]

Что типо этого вам надо, на основе етого я создаю песочницы для клиентов. Если довести до ума то можно и для апачи сипользовать

Код: Выделить всё

#!/bin/sh

APPS="/usr/bin/tar /usr/local/bin/wget /usr/bin/perl /usr/bin/more \
    /usr/bin/make /usr/bin/fetch /usr/bin/man /usr/bin/find \
    /usr/bin/gzip /usr/bin/gunzip /usr/bin/vi /usr/bin/ee \
    /usr/bin/patch /usr/local/bin/mc /usr/local/bin/mcmfmt \
    /usr/local/bin/mcedit /usr/sbin/chown  /bin/expr\
    /bin/rmdir /bin/chmod /bin/tcsh /bin/sh /bin/csh \
    /usr/local/bin/bash /bin/ls /bin/mkdir /bin/mv \
    /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /usr/bin/ldd \
    /sbin/ping /bin/cp /bin/echo /bin/cat /bin/date \
    /bin/pwd /bin/ln /bin/link /bin/ps /usr/local/bin/unzip \
    /usr/bin/sed /usr/bin/grep /usr/bin/cc /usr/bin/gcc \
    /usr/libdata/gcc /sbin/ldconfig /usr/sbin/mtree \
    /usr/bin/uname /usr/bin/diff /usr/bin/tr /usr/bin/sort \
    /usr/bin/awk /usr/bin/nawk  /usr/bin/less /usr/local/bin/unrar \
    /usr/bin/tail /usr/local/bin/perl /usr/bin/bzip2 /usr/bin/nroff \
    /usr/bin/netstat /usr/bin/sockstat"

# Sanity check
if [ "$1" = "" ]; then
    echo "    Usage: ./make_crot.sh [ username ] [ home ]"
    exit
fi
if [ "$2" = "" ]; then
        echo "    Usage: ./make_crot.sh [ username ] [ home ]"
        exit
fi

# Obtain username and HomeDir
CHROOT_USERNAME=$1
HOMEDIR=$2

#HOMEDIR=`grep /etc/passwd -e "^$CHROOT_USERNAME"  | cut -d':' -f 6`
GROUP_ID=`/usr/bin/groups $CHROOT_USERNAME`

/bin/mkdir ${HOMEDIR}/etc
/bin/mkdir ${HOMEDIR}/bin
/bin/mkdir ${HOMEDIR}/sbin
/bin/mkdir ${HOMEDIR}/usr
/bin/mkdir ${HOMEDIR}/usr/home
/bin/mkdir ${HOMEDIR}/${HOMEDIR}
/bin/mkdir ${HOMEDIR}/${HOMEDIR}/.mc
/bin/mkdir ${HOMEDIR}/${HOMEDIR}/www
/bin/mkdir ${HOMEDIR}/${HOMEDIR}/www/log
/bin/mkdir ${HOMEDIR}/${HOMEDIR}/www/cgi-bin
/bin/mkdir ${HOMEDIR}/${HOMEDIR}/www/data
/bin/mkdir ${HOMEDIR}/usr/bin
/bin/mkdir ${HOMEDIR}/usr/sbin
/bin/mkdir ${HOMEDIR}/usr/lib
/bin/mkdir ${HOMEDIR}/usr/home
/bin/mkdir ${HOMEDIR}/usr/local
/bin/mkdir ${HOMEDIR}/usr/share
/bin/mkdir ${HOMEDIR}/usr/share/misc
/bin/mkdir ${HOMEDIR}/usr/local/bin
/bin/mkdir ${HOMEDIR}/usr/local/lib
/bin/mkdir ${HOMEDIR}/usr/local/share
/bin/mkdir ${HOMEDIR}/dev
/bin/mkdir ${HOMEDIR}/usr/libexec
/bin/mkdir ${HOMEDIR}/tmp
/bin/mkdir ${HOMEDIR}/var
/bin/mkdir ${HOMEDIR}/var/cron
/bin/mkdir ${HOMEDIR}/var/cron/tabs
/bin/mkdir ${HOMEDIR}/var/run
/bin/mkdir ${HOMEDIR}/var/tmp
/bin/mkdir ${HOMEDIR}/libexec

# Create short version to /usr/bin/groups
# On some system it requires /bin/sh,
# which is generally unnessesary in a chroot c
/bin/echo "#!/bin/sh" > ${HOMEDIR}/usr/bin/groups
/bin/echo "/usr/bin/id -Gn ${CHROOT_USERNAME}" > ${HOMEDIR}/usr/bin/groups
/bin/echo "/usr/bin/id -Gn root" >> ${HOMEDIR}/usr/bin/groups
/bin/chmod +x ${HOMEDIR}/usr/bin/groups

# Add some users to ./etc/paswd
/usr/bin/grep /etc/passwd -e "^${CHROOT_USERNAME}" -e "^root" > ${HOMEDIR}/etc/passwd
/usr/bin/grep /etc/master.passwd -e "^${CHROOT_USERNAME}" > ${HOMEDIR}/etc/master.passwd
/usr/bin/grep /etc/group -e "^${GROUP_ID}" > ${HOMEDIR}/etc/group
/bin/cp /etc/pwd.db ${HOMEDIR}/etc/pwd.db
/bin/cp /etc/spwd.db ${HOMEDIR}/etc/spwd.db
/usr/sbin/pwd_mkdb -d ${HOMEDIR}/etc ${HOMEDIR}/etc/master.passwd

/bin/echo "wheel:*:0:root" >> ${HOMEDIR}/etc/group
/bin/echo "root:*:0:0::0:0:Charlie &:/root:/usr/sbin/nologin" >> ${HOMEDIR}/etc/master.passwd

# Copy the apps and the related libs
for prog in $APPS;  do
    /bin/cp $prog ${HOMEDIR}$prog
    # obtain a list of related libraryes
    /usr/bin/ldd $prog > /dev/null
    if [ "$?" = 0 ]; then
        LIBS=`/usr/bin/ldd $prog | awk '{ print $3 }'`
        for l in $LIBS; do
        /bin/mkdir ${HOMEDIR}`/usr/bin/dirname $l` > /dev/null 2>&1
        /bin/cp -f $l ${HOMEDIR}$l
        done
    fi
done

# From some strange reason these 3 libraries are not in the ldd output, but withou
# some stuff will not work, like usr/bin/groups
/bin/cp -f /usr/libexec/ld-elf.so.1 ${HOMEDIR}/usr/libexec/ld-elf.so.1
/bin/cp -f /etc/manpath.config ${HOMEDIR}/etc/manpath.config
/bin/cp -f /etc/termcap ${HOMEDIR}/etc/termcap
/bin/cp -f /usr/share/misc/termcap.db ${HOMEDIR}/usr/share/misc/termcap.db
/bin/cp -f /usr/bin/zcat ${HOMEDIR}/usr/bin/zcat
/bin/cp -f /etc/motd ${HOMEDIR}/etc/motd
/bin/cp -R /usr/home/chroot/ ${HOMEDIR}/${HOMEDIR}
/bin/cp -R /usr/local/share/mc ${HOMEDIR}/usr/local/share/mc
/bin/cp /libexec/ld-elf.so.1 ${HOMEDIR}/libexec/ld-elf.so.1


#/bin/echo "export TERMCAP=/etc/termcap" >> ${HOMEDIR}/usr/home/${CHROOT_USERNAME}/.profile
#/bin/echo "setenv TERMCAP /etc/termcap" >> ${HOMEDIR}/usr/home/${CHROOT_USERNAME}/.cshrc
#/bin/cp -f  ${HOMEDIR}


/sbin/mknod ${HOMEDIR}/dev/null c 2 2
/sbin/mknod ${HOMEDIR}/dev/sa0 c 2 2

/bin/cp -R /usr/share/man ${HOMEDIR}/usr/share/man

# vistavliaem prava
#/usr/sbin/chown -R root:wheel ${HOMEDIR}
#/bin/chmod -R 711 ${HOMEDIR}

/usr/sbin/chown -R ${CHROOT_USERNAME}:${CHROOT_USERNAME} ${HOMEDIR}/${HOMEDIR}
/bin/chmod 777 ${HOMEDIR}/${HOMEDIR}/www
/bin/chmod -R 777 ${HOMEDIR}/${HOMEDIR}/www
/bin/chmod 644 ${HOMEDIR}/${HOMEDIR}/.cshrc
/bin/chmod 644 ${HOMEDIR}/${HOMEDIR}/.login
/bin/chmod 644 ${HOMEDIR}/${HOMEDIR}/.login_conf
/bin/chmod 600 ${HOMEDIR}/${HOMEDIR}/.mail_aliases
/bin/chmod 644 ${HOMEDIR}/${HOMEDIR}/.mailrc
/bin/chmod 755 ${HOMEDIR}/${HOMEDIR}/.mc
/bin/chmod 644 ${HOMEDIR}/${HOMEDIR}/.mc/Tree
/bin/chmod 600 ${HOMEDIR}/${HOMEDIR}/.mc/history
/bin/chmod 444 ${HOMEDIR}/${HOMEDIR}/.mc/ini
/bin/chmod 644 ${HOMEDIR}/${HOMEDIR}/.profile
/bin/chmod 600 ${HOMEDIR}/${HOMEDIR}/.rhosts
/bin/chmod 644 ${HOMEDIR}/${HOMEDIR}/.shrc

/bin/chmod 777 ${HOMEDIR}/tmp
/bin/chmod 777 ${HOMEDIR}/var/tmp

ln -s ${HOMEDIR} ${HOMEDIR}/home
ln -s ${HOMEDIR}/.mc ${HOMEDIR}/home/.mc