Simple & easy way to jail users
I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?
I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.
ssh users chroot
add a comment |
I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?
I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.
ssh users chroot
2nd update if users are not locked in home directories
– One Zero
Jan 10 '12 at 17:33
then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck
– Ali
Jan 10 '12 at 18:10
1
i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle
– One Zero
Jan 10 '12 at 18:23
How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?
– user294399
Jun 17 '14 at 16:00
add a comment |
I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?
I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.
ssh users chroot
I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?
I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.
ssh users chroot
ssh users chroot
edited Jan 27 '14 at 14:05
Braiam
51.5k20136220
51.5k20136220
asked Jan 6 '12 at 21:27
One ZeroOne Zero
17.2k2272106
17.2k2272106
2nd update if users are not locked in home directories
– One Zero
Jan 10 '12 at 17:33
then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck
– Ali
Jan 10 '12 at 18:10
1
i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle
– One Zero
Jan 10 '12 at 18:23
How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?
– user294399
Jun 17 '14 at 16:00
add a comment |
2nd update if users are not locked in home directories
– One Zero
Jan 10 '12 at 17:33
then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck
– Ali
Jan 10 '12 at 18:10
1
i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle
– One Zero
Jan 10 '12 at 18:23
How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?
– user294399
Jun 17 '14 at 16:00
2nd update if users are not locked in home directories
– One Zero
Jan 10 '12 at 17:33
2nd update if users are not locked in home directories
– One Zero
Jan 10 '12 at 17:33
then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck
– Ali
Jan 10 '12 at 18:10
then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck
– Ali
Jan 10 '12 at 18:10
1
1
i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle
– One Zero
Jan 10 '12 at 18:23
i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle
– One Zero
Jan 10 '12 at 18:23
How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?
– user294399
Jun 17 '14 at 16:00
How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?
– user294399
Jun 17 '14 at 16:00
add a comment |
4 Answers
4
active
oldest
votes
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.
Download & Install:
http://olivier.sessink.nl/jailkit/index.html#download
VERSION=2.20 # from November 2018
cd /tmp
wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz
tar -zxvf jailkit-$VERSION.tar.gz
cd jailkit-$VERSION/
./configure
make
su -
make install
Setting up the jail
Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
mkdir /home/jail
chown root:root /home/jail
jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ).
jk_init -v /home/jail basicshell
jk_init -v /home/jail netutils
jk_init -v /home/jail ssh
jk_init -v /home/jail jk_lsh
Add a user
Add a new user with a home directory and bash shell, and set the password:
useradd -d /home/jailtest -m jailtest -s /bin/bash
passwd jailtest
Now it’s time to jail this user
use the following command:
jk_jailuser -m -j /home/jail jailtest
Your /etc/passwd
should contain something like this now:
jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh
Enable bash
By using jk_cp the bash libraries are copied to the jail:
jk_cp -v -f /home/jail /bin/bash
Edit /home/jail/etc/passwd
replace this line:
jailtest:x:1001:1001::test:/usr/sbin/jk_lsh
with this:
jailtest:x:1001:1001::/home/jailtest:/bin/bash
Maintenance
By using jk_update
updates on the real system can be updated in the jail.
A dry-run will show what’s going on:
jk_update -j /home/jail -d
Without the -d argument the real update is performed. More maintenance operations can be found here.
(In case /home/jail/opt
is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail
again)
Give access to other directories
You can mount special folders, that the jail user may acces now. E.g.:
mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/
Help Taken
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )
This one also
This is been checked & verified , Working Properly
+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too
– cwd
May 24 '13 at 22:41
2
This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
2
This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
|
show 4 more comments
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
IMO the easiest method of securing users is to use apparmor.
You make a hard link
ln /bin/bash /usr/local/bin/jailbash
You add jailbash to /etc/shells
You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.
sudo chsh -s /usr/local/bin/jailbash user_to_confine
You will have to write an apparmor profile yourself, but I have a profile you could potentially start with
http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
There is nothing stopping you from linking/copying files you feel they need.
– user606723
Jan 6 '12 at 21:52
1
Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?
– Panther
Jan 6 '12 at 22:08
1
I think the whole point of the question was to point out tools to automate this process... likejailkit
, a tool the OP mentions.
– user606723
Jan 6 '12 at 22:28
@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine
– One Zero
Jan 7 '12 at 14:44
you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
|
show 5 more comments
It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:
Add to /etc/shells a new shell:
sudo -e /etc/shells
Add one line:
/bin/false
Save. For each user you want to deny ssh/sftp, change the user's shell:
sudo chsh -s /bin/false userx
Now userx cannot log in via ssh/sftp.
Install vsftpd:
sudo apt-get install vsftpd
Edit the config file:
sudo -e /etc/vsftpd.conf
And some changes....
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
Save. Restart vsftpd:
sudo /etc/init.d/vsftpd restart
well i m want to give them ssh + sftp (connect through filezilla)
– One Zero
Jan 7 '12 at 5:55
add a comment |
You could check out rbash
as a shell for your users.
man bash
Search for RESTRICTED SHELL
section
Or look on this page http://linux.die.net/man/1/bash
3
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You meanrbash
?
– Karlson
Jan 6 '12 at 21:47
yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
can u plz tell me how do i configure it ....jailbash
– One Zero
Jan 7 '12 at 13:24
yes, man bash helps, using bash restrited shell capabilities is more simply
– c4f4t0r
Feb 26 '14 at 11:21
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f93411%2fsimple-easy-way-to-jail-users%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.
Download & Install:
http://olivier.sessink.nl/jailkit/index.html#download
VERSION=2.20 # from November 2018
cd /tmp
wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz
tar -zxvf jailkit-$VERSION.tar.gz
cd jailkit-$VERSION/
./configure
make
su -
make install
Setting up the jail
Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
mkdir /home/jail
chown root:root /home/jail
jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ).
jk_init -v /home/jail basicshell
jk_init -v /home/jail netutils
jk_init -v /home/jail ssh
jk_init -v /home/jail jk_lsh
Add a user
Add a new user with a home directory and bash shell, and set the password:
useradd -d /home/jailtest -m jailtest -s /bin/bash
passwd jailtest
Now it’s time to jail this user
use the following command:
jk_jailuser -m -j /home/jail jailtest
Your /etc/passwd
should contain something like this now:
jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh
Enable bash
By using jk_cp the bash libraries are copied to the jail:
jk_cp -v -f /home/jail /bin/bash
Edit /home/jail/etc/passwd
replace this line:
jailtest:x:1001:1001::test:/usr/sbin/jk_lsh
with this:
jailtest:x:1001:1001::/home/jailtest:/bin/bash
Maintenance
By using jk_update
updates on the real system can be updated in the jail.
A dry-run will show what’s going on:
jk_update -j /home/jail -d
Without the -d argument the real update is performed. More maintenance operations can be found here.
(In case /home/jail/opt
is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail
again)
Give access to other directories
You can mount special folders, that the jail user may acces now. E.g.:
mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/
Help Taken
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )
This one also
This is been checked & verified , Working Properly
+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too
– cwd
May 24 '13 at 22:41
2
This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
2
This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
|
show 4 more comments
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.
Download & Install:
http://olivier.sessink.nl/jailkit/index.html#download
VERSION=2.20 # from November 2018
cd /tmp
wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz
tar -zxvf jailkit-$VERSION.tar.gz
cd jailkit-$VERSION/
./configure
make
su -
make install
Setting up the jail
Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
mkdir /home/jail
chown root:root /home/jail
jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ).
jk_init -v /home/jail basicshell
jk_init -v /home/jail netutils
jk_init -v /home/jail ssh
jk_init -v /home/jail jk_lsh
Add a user
Add a new user with a home directory and bash shell, and set the password:
useradd -d /home/jailtest -m jailtest -s /bin/bash
passwd jailtest
Now it’s time to jail this user
use the following command:
jk_jailuser -m -j /home/jail jailtest
Your /etc/passwd
should contain something like this now:
jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh
Enable bash
By using jk_cp the bash libraries are copied to the jail:
jk_cp -v -f /home/jail /bin/bash
Edit /home/jail/etc/passwd
replace this line:
jailtest:x:1001:1001::test:/usr/sbin/jk_lsh
with this:
jailtest:x:1001:1001::/home/jailtest:/bin/bash
Maintenance
By using jk_update
updates on the real system can be updated in the jail.
A dry-run will show what’s going on:
jk_update -j /home/jail -d
Without the -d argument the real update is performed. More maintenance operations can be found here.
(In case /home/jail/opt
is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail
again)
Give access to other directories
You can mount special folders, that the jail user may acces now. E.g.:
mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/
Help Taken
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )
This one also
This is been checked & verified , Working Properly
+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too
– cwd
May 24 '13 at 22:41
2
This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
2
This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
|
show 4 more comments
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.
Download & Install:
http://olivier.sessink.nl/jailkit/index.html#download
VERSION=2.20 # from November 2018
cd /tmp
wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz
tar -zxvf jailkit-$VERSION.tar.gz
cd jailkit-$VERSION/
./configure
make
su -
make install
Setting up the jail
Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
mkdir /home/jail
chown root:root /home/jail
jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ).
jk_init -v /home/jail basicshell
jk_init -v /home/jail netutils
jk_init -v /home/jail ssh
jk_init -v /home/jail jk_lsh
Add a user
Add a new user with a home directory and bash shell, and set the password:
useradd -d /home/jailtest -m jailtest -s /bin/bash
passwd jailtest
Now it’s time to jail this user
use the following command:
jk_jailuser -m -j /home/jail jailtest
Your /etc/passwd
should contain something like this now:
jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh
Enable bash
By using jk_cp the bash libraries are copied to the jail:
jk_cp -v -f /home/jail /bin/bash
Edit /home/jail/etc/passwd
replace this line:
jailtest:x:1001:1001::test:/usr/sbin/jk_lsh
with this:
jailtest:x:1001:1001::/home/jailtest:/bin/bash
Maintenance
By using jk_update
updates on the real system can be updated in the jail.
A dry-run will show what’s going on:
jk_update -j /home/jail -d
Without the -d argument the real update is performed. More maintenance operations can be found here.
(In case /home/jail/opt
is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail
again)
Give access to other directories
You can mount special folders, that the jail user may acces now. E.g.:
mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/
Help Taken
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )
This one also
This is been checked & verified , Working Properly
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.
Download & Install:
http://olivier.sessink.nl/jailkit/index.html#download
VERSION=2.20 # from November 2018
cd /tmp
wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz
tar -zxvf jailkit-$VERSION.tar.gz
cd jailkit-$VERSION/
./configure
make
su -
make install
Setting up the jail
Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
mkdir /home/jail
chown root:root /home/jail
jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ).
jk_init -v /home/jail basicshell
jk_init -v /home/jail netutils
jk_init -v /home/jail ssh
jk_init -v /home/jail jk_lsh
Add a user
Add a new user with a home directory and bash shell, and set the password:
useradd -d /home/jailtest -m jailtest -s /bin/bash
passwd jailtest
Now it’s time to jail this user
use the following command:
jk_jailuser -m -j /home/jail jailtest
Your /etc/passwd
should contain something like this now:
jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh
Enable bash
By using jk_cp the bash libraries are copied to the jail:
jk_cp -v -f /home/jail /bin/bash
Edit /home/jail/etc/passwd
replace this line:
jailtest:x:1001:1001::test:/usr/sbin/jk_lsh
with this:
jailtest:x:1001:1001::/home/jailtest:/bin/bash
Maintenance
By using jk_update
updates on the real system can be updated in the jail.
A dry-run will show what’s going on:
jk_update -j /home/jail -d
Without the -d argument the real update is performed. More maintenance operations can be found here.
(In case /home/jail/opt
is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail
again)
Give access to other directories
You can mount special folders, that the jail user may acces now. E.g.:
mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/
Help Taken
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )
This one also
This is been checked & verified , Working Properly
edited Jan 2 at 15:20
rubo77
14.6k2993198
14.6k2993198
answered Feb 7 '12 at 13:24
One ZeroOne Zero
17.2k2272106
17.2k2272106
+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too
– cwd
May 24 '13 at 22:41
2
This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
2
This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
|
show 4 more comments
+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too
– cwd
May 24 '13 at 22:41
2
This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
2
This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too
– cwd
May 24 '13 at 22:41
+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too
– cwd
May 24 '13 at 22:41
2
2
This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
2
2
This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
|
show 4 more comments
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
IMO the easiest method of securing users is to use apparmor.
You make a hard link
ln /bin/bash /usr/local/bin/jailbash
You add jailbash to /etc/shells
You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.
sudo chsh -s /usr/local/bin/jailbash user_to_confine
You will have to write an apparmor profile yourself, but I have a profile you could potentially start with
http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
There is nothing stopping you from linking/copying files you feel they need.
– user606723
Jan 6 '12 at 21:52
1
Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?
– Panther
Jan 6 '12 at 22:08
1
I think the whole point of the question was to point out tools to automate this process... likejailkit
, a tool the OP mentions.
– user606723
Jan 6 '12 at 22:28
@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine
– One Zero
Jan 7 '12 at 14:44
you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
|
show 5 more comments
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
IMO the easiest method of securing users is to use apparmor.
You make a hard link
ln /bin/bash /usr/local/bin/jailbash
You add jailbash to /etc/shells
You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.
sudo chsh -s /usr/local/bin/jailbash user_to_confine
You will have to write an apparmor profile yourself, but I have a profile you could potentially start with
http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
There is nothing stopping you from linking/copying files you feel they need.
– user606723
Jan 6 '12 at 21:52
1
Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?
– Panther
Jan 6 '12 at 22:08
1
I think the whole point of the question was to point out tools to automate this process... likejailkit
, a tool the OP mentions.
– user606723
Jan 6 '12 at 22:28
@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine
– One Zero
Jan 7 '12 at 14:44
you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
|
show 5 more comments
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
IMO the easiest method of securing users is to use apparmor.
You make a hard link
ln /bin/bash /usr/local/bin/jailbash
You add jailbash to /etc/shells
You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.
sudo chsh -s /usr/local/bin/jailbash user_to_confine
You will have to write an apparmor profile yourself, but I have a profile you could potentially start with
http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
IMO the easiest method of securing users is to use apparmor.
You make a hard link
ln /bin/bash /usr/local/bin/jailbash
You add jailbash to /etc/shells
You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.
sudo chsh -s /usr/local/bin/jailbash user_to_confine
You will have to write an apparmor profile yourself, but I have a profile you could potentially start with
http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash
edited Aug 22 '17 at 18:07
answered Jan 6 '12 at 21:38
PantherPanther
78.3k14157259
78.3k14157259
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
There is nothing stopping you from linking/copying files you feel they need.
– user606723
Jan 6 '12 at 21:52
1
Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?
– Panther
Jan 6 '12 at 22:08
1
I think the whole point of the question was to point out tools to automate this process... likejailkit
, a tool the OP mentions.
– user606723
Jan 6 '12 at 22:28
@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine
– One Zero
Jan 7 '12 at 14:44
you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
|
show 5 more comments
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
There is nothing stopping you from linking/copying files you feel they need.
– user606723
Jan 6 '12 at 21:52
1
Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?
– Panther
Jan 6 '12 at 22:08
1
I think the whole point of the question was to point out tools to automate this process... likejailkit
, a tool the OP mentions.
– user606723
Jan 6 '12 at 22:28
@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine
– One Zero
Jan 7 '12 at 14:44
you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
There is nothing stopping you from linking/copying files you feel they need.– user606723
Jan 6 '12 at 21:52
You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc
There is nothing stopping you from linking/copying files you feel they need.– user606723
Jan 6 '12 at 21:52
1
1
Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?
– Panther
Jan 6 '12 at 22:08
Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?
– Panther
Jan 6 '12 at 22:08
1
1
I think the whole point of the question was to point out tools to automate this process... like
jailkit
, a tool the OP mentions.– user606723
Jan 6 '12 at 22:28
I think the whole point of the question was to point out tools to automate this process... like
jailkit
, a tool the OP mentions.– user606723
Jan 6 '12 at 22:28
@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine
– One Zero
Jan 7 '12 at 14:44
@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine
– One Zero
Jan 7 '12 at 14:44
you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
|
show 5 more comments
It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:
Add to /etc/shells a new shell:
sudo -e /etc/shells
Add one line:
/bin/false
Save. For each user you want to deny ssh/sftp, change the user's shell:
sudo chsh -s /bin/false userx
Now userx cannot log in via ssh/sftp.
Install vsftpd:
sudo apt-get install vsftpd
Edit the config file:
sudo -e /etc/vsftpd.conf
And some changes....
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
Save. Restart vsftpd:
sudo /etc/init.d/vsftpd restart
well i m want to give them ssh + sftp (connect through filezilla)
– One Zero
Jan 7 '12 at 5:55
add a comment |
It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:
Add to /etc/shells a new shell:
sudo -e /etc/shells
Add one line:
/bin/false
Save. For each user you want to deny ssh/sftp, change the user's shell:
sudo chsh -s /bin/false userx
Now userx cannot log in via ssh/sftp.
Install vsftpd:
sudo apt-get install vsftpd
Edit the config file:
sudo -e /etc/vsftpd.conf
And some changes....
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
Save. Restart vsftpd:
sudo /etc/init.d/vsftpd restart
well i m want to give them ssh + sftp (connect through filezilla)
– One Zero
Jan 7 '12 at 5:55
add a comment |
It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:
Add to /etc/shells a new shell:
sudo -e /etc/shells
Add one line:
/bin/false
Save. For each user you want to deny ssh/sftp, change the user's shell:
sudo chsh -s /bin/false userx
Now userx cannot log in via ssh/sftp.
Install vsftpd:
sudo apt-get install vsftpd
Edit the config file:
sudo -e /etc/vsftpd.conf
And some changes....
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
Save. Restart vsftpd:
sudo /etc/init.d/vsftpd restart
It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:
Add to /etc/shells a new shell:
sudo -e /etc/shells
Add one line:
/bin/false
Save. For each user you want to deny ssh/sftp, change the user's shell:
sudo chsh -s /bin/false userx
Now userx cannot log in via ssh/sftp.
Install vsftpd:
sudo apt-get install vsftpd
Edit the config file:
sudo -e /etc/vsftpd.conf
And some changes....
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
Save. Restart vsftpd:
sudo /etc/init.d/vsftpd restart
answered Jan 6 '12 at 22:54
user8290
well i m want to give them ssh + sftp (connect through filezilla)
– One Zero
Jan 7 '12 at 5:55
add a comment |
well i m want to give them ssh + sftp (connect through filezilla)
– One Zero
Jan 7 '12 at 5:55
well i m want to give them ssh + sftp (connect through filezilla)
– One Zero
Jan 7 '12 at 5:55
well i m want to give them ssh + sftp (connect through filezilla)
– One Zero
Jan 7 '12 at 5:55
add a comment |
You could check out rbash
as a shell for your users.
man bash
Search for RESTRICTED SHELL
section
Or look on this page http://linux.die.net/man/1/bash
3
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You meanrbash
?
– Karlson
Jan 6 '12 at 21:47
yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
can u plz tell me how do i configure it ....jailbash
– One Zero
Jan 7 '12 at 13:24
yes, man bash helps, using bash restrited shell capabilities is more simply
– c4f4t0r
Feb 26 '14 at 11:21
add a comment |
You could check out rbash
as a shell for your users.
man bash
Search for RESTRICTED SHELL
section
Or look on this page http://linux.die.net/man/1/bash
3
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You meanrbash
?
– Karlson
Jan 6 '12 at 21:47
yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
can u plz tell me how do i configure it ....jailbash
– One Zero
Jan 7 '12 at 13:24
yes, man bash helps, using bash restrited shell capabilities is more simply
– c4f4t0r
Feb 26 '14 at 11:21
add a comment |
You could check out rbash
as a shell for your users.
man bash
Search for RESTRICTED SHELL
section
Or look on this page http://linux.die.net/man/1/bash
You could check out rbash
as a shell for your users.
man bash
Search for RESTRICTED SHELL
section
Or look on this page http://linux.die.net/man/1/bash
answered Jan 6 '12 at 21:33
KarlsonKarlson
1,23611322
1,23611322
3
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You meanrbash
?
– Karlson
Jan 6 '12 at 21:47
yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
can u plz tell me how do i configure it ....jailbash
– One Zero
Jan 7 '12 at 13:24
yes, man bash helps, using bash restrited shell capabilities is more simply
– c4f4t0r
Feb 26 '14 at 11:21
add a comment |
3
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You meanrbash
?
– Karlson
Jan 6 '12 at 21:47
yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
can u plz tell me how do i configure it ....jailbash
– One Zero
Jan 7 '12 at 13:24
yes, man bash helps, using bash restrited shell capabilities is more simply
– c4f4t0r
Feb 26 '14 at 11:21
3
3
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You mean
rbash
?– Karlson
Jan 6 '12 at 21:47
@bodhi.zazen You mean
rbash
?– Karlson
Jan 6 '12 at 21:47
yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
can u plz tell me how do i configure it ....jailbash
– One Zero
Jan 7 '12 at 13:24
can u plz tell me how do i configure it ....jailbash
– One Zero
Jan 7 '12 at 13:24
yes, man bash helps, using bash restrited shell capabilities is more simply
– c4f4t0r
Feb 26 '14 at 11:21
yes, man bash helps, using bash restrited shell capabilities is more simply
– c4f4t0r
Feb 26 '14 at 11:21
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f93411%2fsimple-easy-way-to-jail-users%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2nd update if users are not locked in home directories
– One Zero
Jan 10 '12 at 17:33
then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck
– Ali
Jan 10 '12 at 18:10
1
i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle
– One Zero
Jan 10 '12 at 18:23
How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?
– user294399
Jun 17 '14 at 16:00