I couldn’t find a good guide for running teamspeak3 inside of a chroot. And that’s the only way I’d be running it, given that it is a binary blob… This guide is for a Debian system, should probably work for Ubuntu, but it shouldn’t be hard to adjust to other distributions.
- Install jailkit. It’s not in Debian, but it provides a working packaging script that you just have to use to build the package yourself:
# USE REGULAR USER apt-get install build-essential fakeroot # download jailkit, see the link above. Extract it. cd jailkit-2.15 dpkg-buildpackage -uc -uc -rfakeroot sudo dpkg -i ../jailkit*.deb
- Configure the chroot, and install teamspeak 3 in it. Note that I’m assuming amd64 here.
# AS ROOT mkdir -p /var/chroot/ts3 cd /var/chroot/ts3 cat << EOF >> start.sh #!/bin/bash exec ./ts3server_startscript.sh start EOF chmod +x start.sh tar xavf $TEAMSPEAKTARGZ # Replace with where you stored the teamspeak download adduser --system --home /var/chroot/ts3/./teamspeak3-server_linux-amd64 \ --disabled-password --group --shell /start.sh ts3 mkdir teamspeak3-server_linux-amd64/logs chown ts3:ts3 teamspeak3-server_linux-amd64 teamspeak3-server_linux-amd64/logs jk_jailuser -j $PWD ts3 cat << EOF >> /etc/jailkit/jk_init.ini [ts3] devices = /dev/null, /dev/random, /dev/urandom, /dev/zero paths = /usr/lib/libstdc++.so.6, /etc/localtime users = root groups = root includesections = uidbasics, netbasics, basicshell EOF jk-init -v -j $PWD ts3
-
Boot script:
cat << 'EOF' >> /etc/init.d/teamspeak3 #!/bin/bash ### BEGIN INIT INFO # Provides: teamspeak3 # Required-Start: $local_fs $remote_fs $network $named # Required-Stop: $local_fs $remote_fs $network $named # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # X-Interactive: false # Short-Description: Start/stop teamspeak 3 server ### END INIT INFO shm=/var/chroot/ts3/dev/shm pidfile=/var/chroot/ts3/teamspeak3-server_linux-amd64/ts3server.pid case "$1" in start) mount -t tmpfs tmpfs $shm su ts3 ;; stop) echo -n "Stopping the TeamSpeak 3 server" if ( kill -TERM $(cat $pidfile) 2> /dev/null ); then c=1 while [ "$c" -le 300 ]; do if ( kill -0 $(cat $pidfile) 2> /dev/null ); then echo -n "." sleep 1 else break fi c=$((++c)) done fi if ( kill -0 $(cat $pidfile) 2> /dev/null ); then echo "Server is not shutting down cleanly - killing" kill -KILL $(cat $pidfile) else echo "done" fi rm $pidfile umount $shm ;; *) echo "Usage: $0 {start|stop}" ;; esac EOF chmod +x /etc/init.d/teamspeak3 insserv teamspeak3
- Recommended: Block outside access to server query, since it’s a telnet based protocol (unencrypted)
iptables -A INPUT -p tcp ! -s 127.0.0.1 --dport 10011 -j REJECT
The point of this guide is to never run the server outside of the chroot. Also I noticed that if the environment wasn’t set up correctly, and the server ran but had strange error messages in the log and didn’t actually work, I had to delete the database file (ts3server.sqlite) and start from scratch.
That’s it, you’re ready to go. Let me know if I missed something.