Question

27

Simple & easy way to jail users

rated 0 times [ 27] [ 0] / answers: 1 / hits: 76391 / 3 Years ago, wed, july 14, 2021, 3:51:34

I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?

I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

fotres

Add To Favorites

Follow

Total Points: 35

Total Questions: 124

Total Answers: 112

Location: Federated States of Micronesia

Member since Sat, Jun 4, 2022

2 Years ago

answered 3 Years ago tisglitter · Accepted Answer

Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.

Download & Install:

http://olivier.sessink.nl/jailkit/index.html#download

VERSION=2.20 # from November 2018

cd /tmp

wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz

tar -zxvf jailkit-$VERSION.tar.gz

cd jailkit-$VERSION/

./configure

make

su -

make install

Setting up the jail

Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:

mkdir /home/jail

chown root:root /home/jail

jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ).

jk_init -v /home/jail basicshell

jk_init -v /home/jail netutils

jk_init -v /home/jail ssh

jk_init -v /home/jail jk_lsh

Add a user

Add a new user with a home directory and bash shell, and set the password:

useradd -d /home/jailtest -m jailtest -s /bin/bash

passwd jailtest

Now it’s time to jail this user

use the following command:

jk_jailuser -m -j /home/jail jailtest

Your /etc/passwd should contain something like this now:

jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh

Enable bash

By using jk_cp the bash libraries are copied to the jail:

jk_cp -v -f /home/jail /bin/bash

Edit `/home/jail/etc/passwd`

replace this line:

jailtest:x:1001:1001::test:/usr/sbin/jk_lsh

with this:

jailtest:x:1001:1001::/home/jailtest:/bin/bash

Maintenance

By using jk_update updates on the real system can be updated in the jail.

A dry-run will show what’s going on:

jk_update -j /home/jail -d

Without the -d argument the real update is performed. More maintenance operations can be found here.

(In case /home/jail/opt is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail again)

Give access to other directories

You can mount special folders, that the jail user may acces now. E.g.:

mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/

Help Taken

http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html

http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )

This one also

This is been checked & verified , Working Properly