[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] regular shell in a chroot jail

From: Olivier Sessink
Subject: Re: [Jailkit-users] regular shell in a chroot jail
Date: Fri, 27 Jul 2012 21:37:47 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0

On 07/18/2012 02:41 PM, Sergey Tsabolov ( aka linuxman ) wrote:
> Hi to all,
> I need some help with chroot jail .
> I install it with this howto
> http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html well and see
> is working not so good.
> First if my user can login over the ssh and only message I get when
> login is  bash: "groups: command not found" ( without quote )
> Ok this message not the problem.
> After install user lock/jail in the new "mini system" in jail /home/jail .
> But the user can go out form their home  /home/jail/home/user, if I give
> command cd / user go to /home/jail ( the root directory)

jailkit does not help you in any way to prevent users seeing files
outside their home dir. But Jailkit will make sure that there is nothing
of interest outside their homedir: only the chroot jail files.

> Second the user directory is chmod 700 , is normal ?

that depends on your requirements. This is usually a good choice.

> I don't try to use Jailkit on production system yet because some of
> users in their system have public_html directory with websites.
> How I can try on testing system to lock user on their home without give
> them possibility to go out , because if user can do it is can see others
> user directory's , ok with chmod 700 is not can read anything.
> But how users website on public_html can readable from the world.

if you want to isolate all users from each other with a public_html
directory in their home directory you might want to create a jail for
every user. Because jailkit can create jails with hardlinks (use -k or
--hardlink) this will not require any disk space.


Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]