[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] `git clone` allowing access to files outside chroot

From: Daniel Lo Nigro
Subject: Re: [Jailkit-users] `git clone` allowing access to files outside chroot
Date: Fri, 12 Jul 2013 08:37:33 +1000

Thanks Chris, that's such an obvious oversight on my behalf! I'll try it out again tonight with the correct Git path (including the username) and see if it works as expected.

On Fri, Jul 12, 2013 at 1:52 AM, Chris Tankersley <address@hidden> wrote:
The issue is with the way you are using the SSH command. It's trying to ssh in as 'daniel', not as the test user (unless you've set that up in your ssh config). I'm guessing 'daniel' isn't jailed, where the 'test' user is.


On Thu, Jul 11, 2013 at 9:41 AM, Daniel Lo Nigro <address@hidden> wrote:

Firstly, thanks for Jailkit. I stumbled on it while searching for how to create a chroot jail. Wish I had found it earlier, it's a very handy tool!

I'm using Debian Testing. Here's what I've done for my setup:

jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp git
jk_jailuser  -m -j /home/jail/ -s /bin/bash test

Connecting via SSH and SFTP are both fine, and the user is jailed as expected. There is a Git repository at /home/test/git/example in the jail. When I try to clone this Git repository, it fails:

address@hidden:/tmp$ git clone ssh://example.com/home/test/git/example .
Cloning into '.'...
fatal: '/home/test/git/example' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

However, if I use the full path (/home/jail/...), it works:
address@hidden:/tmp$ git clone ssh://example.com/home/jail/home/test/git/example .
Cloning into '.'...
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.

This leads me to believe that Git isn't being jailed for some reason. Any ideas on how to fix my configuration so that SSH login shells and SFTP are jailed, and Git is also jailed?


Daniel Lo Nigro
http://dan.cx/ | http://twitter.com/Daniel15

Jailkit-users mailing list

Chris Tankersley

Jailkit-users mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]