Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!
ProductsContributeDocsCareer

Run Debian guest in a faked chroot on a Managed Server with PRoot

profile picture
Author
Alexander Knerlein
Published
2022-03-22
Time to read
5 minutes reading time
Table of Contents

Introduction

In this tutorial we will learn how to run a Debian system on a Managed Server with PRoot. PRoot is a rootless implementation of chroot. To download and install Debian in a subdirectory we need to run debootstrap. By default debootstrap can't run without root permissions, but we can use fakechroot and fakeroot to manipulate this behaviour.

Prerequisites

  • Managed Server with enabled SSH access
  • Hetzner Development Package (hos-dev) -> please ask the support

Step 1 - Install fakechroot

We need to download and compile the source.

Before we start, create a directory for the sources to keep the home directory clean.

cd
mkdir src
cd src

Download and compile the fakechroot sources.

  • Always check here for newer stable versions
wget https://github.com/dex4er/fakechroot/releases/download/2.20.1/fakechroot-2.20.1.tar.gz
tar xzvf fakechroot-2.20.1.tar.gz
cd fakechroot-2.20.1
./configure --prefix=/usr/home/holu/fakechroot
make -j $(($(grep ^cpu\ cores /proc/cpuinfo | uniq | sed s/[^0-9]//g)+1))
make install
cd

Step 2 - Build the system with debootstrap

Run debootstrap with fakechroot and fakeroot to download and install the system in the subdirectory debian-root.

./fakechroot/bin/fakechroot fakeroot /usr/sbin/debootstrap --variant=fakechroot --arch amd64 bullseye debian-root https://deb.debian.org/debian

Remove unnecessary symlinks after installation.

rm debian-root/{dev,proc}

Step 3 - Use PRoot to start a shell in the new system

Step 3.1 - Download PRoot

Download PRoot and set the permissions.

wget https://proot.gitlab.io/proot/bin/proot
chmod 744 proot

Step 3.2 - Start the shell

PRoot into debian-root, bind required diectories from the host system and start a root shell in the guest system.

PROOT_TMP_DIR="/usr/home/holu/.tmp" ./proot -0 -r debian-root -b /dev -b /proc -b /sys -b /usr/home/holu:/mnt/realhome -b /usr/www/users/holu:/mnt/realhome/public_html -w /root /usr/bin/env -i USER=root HOME=/root PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=$TERM LANG=C.UTF-8 /bin/bash -l

Good to know:

  • Your real home would be mounted in /mnt/realhome with the above command
  • You can only use ports > 1024 for services
  • If your proot process gets killed, please ask the support for a process release
  • Other processes inside of the PRoot maybe also need a process release
  • You can use /bin/bash -l -c "<command>" to run a command without interactive shell

Step 4 - Prepare the system

Step 4.1 - Build the sources.list

Add the apt repositories to the /etc/apt/sources.list.

echo "deb http://deb.debian.org/debian/ bullseye main contrib non-free" > /etc/apt/sources.list
echo "deb-src http://deb.debian.org/debian/ bullseye main contrib non-free" >> /etc/apt/sources.list
echo "deb http://security.debian.org/debian-security bullseye-security main contrib non-free" >> /etc/apt/sources.list
echo "deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free" >> /etc/apt/sources.list
echo "deb http://deb.debian.org/debian/ bullseye-backports main contrib non-free" >> /etc/apt/sources.list
echo "deb-src http://deb.debian.org/debian/ bullseye-backports main contrib non-free" >> /etc/apt/sources.list

Step 4.2 - Fix users and groups

Before running apt on this system, we need to check for some often missing users and groups and create them if necessary.

getent passwd _apt || echo '_apt:x:100:65534::/nonexistent:/usr/sbin/nologin' >> /etc/passwd
getent passwd systemd-timesync || echo 'systemd-timesync:x:101:101:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin' >> /etc/passwd
getent shadow _apt || echo '_apt:*:19026:0:99999:7:::' >> /etc/shadow
getent shadow systemd-timesync || echo 'systemd-timesync:*:19026:0:99999:7:::' >> /etc/shadow
getent group systemd-timesync || echo 'systemd-timesync:x:101:' >> /etc/group
getent group input || echo 'input:x:102:' >> /etc/group
getent group kvm || echo 'kvm:x:103:' >> /etc/group
getent group render || echo 'render:x:104:' >> /etc/group
getent group crontab || echo 'crontab:x:105:' >> /etc/group
getent group netdev || echo 'netdev:x:106:' >> /etc/group
getent gshadow systemd-timesync || echo 'systemd-timesync:!::' >> /etc/gshadow
getent gshadow input || echo 'input:!::' >> /etc/gshadow
getent gshadow kvm || echo 'kvm:!::' >> /etc/gshadow
getent gshadow render || echo 'render:!::' >> /etc/gshadow
getent gshadow crontab || echo 'crontab:!::' >> /etc/gshadow
getent gshadow netdev || echo 'netdev:!::' >> /etc/gshadow

Step 4.3 - Update the system for the first time

apt update
apt upgrade

Conclusion

Now you know a solution how to run a Debian guest system on a Managed Server inside of PRoot. Because you are root on this system, you can use it to install software and run tasks that require root access. Please also understand that some software can be inexecutable or faulty, because you are still in a restricted environment. Please visit the website of the developer for further information.

License: MIT
Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Submit an articleFind out more
Report Issue

Discover our

Managed Servers

Focus on your projects. We'll take care of the configuration and updates.

Get started
Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more
Report Issue