jailkit-users

Re: [Jailkit-users] Adding a user to jail


From: Olivier Sessink
Subject: Re: [Jailkit-users] Adding a user to jail
Date: Thu, 03 Sep 2009 20:45:49 +0200
User-agent: Thunderbird 2.0.0.23 (X11/20090817)

Paul Mitchell wrote:
> On Thu, 3 Sep 2009, Paul Mitchell wrote:
>
> WARNING: user pmitchel (11782) tried to get an interactive shell session (/usr/sbin/jk_lsh), which is never allowed by jk_lsh
>
> This is confusing!

An interactive shell is a shell like bash/ksh/etc. that waits for your input. jk_lsh is a shell that will only immediately start another executable given on the command line. If it is started without an executable on the command line, it will give this error. What did you do that produced this log message?

> Note: I tried sftp and it allowed me to get and put a file! (I'll probably get scp to work as well, once I update the /home/jail/etc/jailkit/jk_lsh.ini file - the error was:
>
> WARNING: user pmitchel (11782) tried to run 'scp -t drop', which is not allowed according to /etc/jailkit/jk_lsh.ini).
>
> and my jk_lsh.ini is:
>
> [pmitchel]
> paths= /usr/lib/
> executables= /usr/libexec/openssh/sftp-server, /usr/bin/scp, /usr/lib/sftp-server
> allow_word_expansion = 0
> umask = 002

I assume you are referring to /home/jail/etc/jailkit/jk_lsh.ini? Can you see if adding /usr/bin to 'paths' helps?

> sftp is the primary purpose of the jailkit on this server, so I'm pretty relieved. There is one more task, however:
>
> It appears that one can create groups in jailkit - I have two separate users, both in the same department, which need to upload files into a common space.

You can, just like normal groups. You need to copy the right pieces of /etc/group to <jail>/etc/group to make it work.

> We have a large amount of space NFS mounted from a SUN thumper, but it lies outside of the /home/jail directory. I imagine there's no method for making a soft or hard link to this space (since that would sort of defeat the idea of a jail). Should I just declare this space my jail?

You concluded right ;-)

Just mount the NFS share inside the jail. If you want, you can add 'noexec' and 'nosuid' mount options (not sure if these are valid for NFS mounts, but give it a try).

Olivier
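
The group step from the reply above (copying the right pieces of /etc/group to <jail>/etc/group), as an added example that is not part of the original message and not jailkit's own tooling. The function names, the group name "dept", its GID and the member "asmith" are assumptions; only the named groups are copied, so the jail does not receive the rest of the host's group file.

```shell
#!/bin/sh
# Added example: copy selected group entries into a jail's etc/group.

# sync_jail_groups SRC_GROUP_FILE JAIL_GROUP_FILE GROUP...
# Appends each named group's line to the jail file unless a group with that
# name is already present. Returns 1 if a requested group is missing from SRC.
sync_jail_groups() {
    src=$1; dst=$2; shift 2
    rc=0
    [ -f "$dst" ] || : > "$dst"
    for g in "$@"; do
        # Exact match on field 1, so "dept" never matches "dept2".
        line=$(awk -F: -v g="$g" '$1 == g { print; exit }' "$src")
        if [ -z "$line" ]; then
            echo "group '$g' not found in $src" >&2
            rc=1
            continue
        fi
        # Skip groups the jail already has, so reruns do not duplicate lines.
        if awk -F: -v g="$g" '$1 == g { found = 1 } END { exit !found }' "$dst"; then
            echo "group '$g' already in $dst, left unchanged" >&2
            continue
        fi
        printf '%s\n' "$line" >> "$dst"
    done
    return $rc
}

# Demonstration on constructed files (hypothetical group "dept", GID 5001).
demo_sync_jail_groups() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'dept:x:5001:pmitchel,asmith' \
        'dept2:x:5002:other' > "$d/group"
    printf '%s\n' 'root:x:0:' > "$d/jail_group"
    sync_jail_groups "$d/group" "$d/jail_group" dept
    cat "$d/jail_group"
    rm -rf "$d"
}

# Real use, run as root, with the jail path from this thread:
#   sync_jail_groups /etc/group /home/jail/etc/group dept
```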



