Re: [Jailkit-users] Adding a user to jail

[Paul Mitchell]

On Thu, 3 Sep 2009, Paul Mitchell wrote:

> WARNING: user pmitchel (11782) tried to get an interactive shell session 
> (/usr/sbin/jk_lsh), which is never allowed by jk_lsh

> This is confusing!

Note: I tried sftp and it allowed me to get and put a file!  (I'll 
probably get scp to work as well, once I update the 
/home/jail/etc/jailkit/jk_lsh.ini file - the error was:

WARNING: user pmitchel (11782) tried to run 'scp -t drop', which is not 
allowed according to /etc/jailkit/jk_lsh.ini).

and my jk_lsh.ini is:

[pmitchel]
paths= /usr/lib/
executables= /usr/libexec/openssh/sftp-server, /usr/bin/scp, 
/usr/lib/sftp-server
allow_word_expansion = 0
umask = 002

sftp is the primary purpose of the jailkit on this server, so I'm pretty 
relieved.  There is one more task, however:

It appears that one can create groups in jailkit - I have two sepearate 
users, both in the same department, which need to upload files into a 
common space.

We have a large amount of space NFS mounted from  a SUN thumper, but it 
lies outside of the /home/jail directory. I imagine there's no method for 
making a soft or hard link to this space (since that would sort of defeat 
the idea of a jail).  Should I just declare this space my jail?

Thanks for your help,

Paul
==============================================================================
        Paul Mitchell
        Enterprise Systems
        email: address@hidden
        NOTE: new location: 440 Franklin, cubby 1213
        NOTE: new desk phone: 919 962-2521 (Is here!^)
==============================================================================