Re: [Jailkit-users] help , Keith


From: Stephen Tallowitz
Subject: Re: [Jailkit-users] help , Keith
Date: Wed, 13 Sep 2006 21:43:03 +0200

Hello Keith,

you have forgotten to include the path
/usr/libexec/openssh/ in the path directive of /home/jail/etc/jailkit/jk_lsh.ini

If you're executing jk_lsh in the chroot (here /home/jail/) you do not have to 
edit /etc/jailkit/jk_lsh.ini, it won't have any effect. /etc/jailkit/jk_lsh.ini 
is only useful if you're letting users log in to your 'real' system. This might 
be the case if you want to limit what programs they want to execute but don't 
want to set up a chroot.

Cheers,
Stephen

On Wed, 13 Sep 2006 13:57:05 -0400
address@hidden wrote:

> Olivier;
> I changed home jail passwd back to jk_lsh for user mike, and added
> /usr/libexec/openssh/sftp-server as an executable in both
> /etc/jailkit/jk_lsh.ini and /home/jail/etc/jailkit/jk_lsh.ini thinking
> that might work but I get: I've included my jk_lsh.ini files
> 
> session opened for user mike by (uid=0)
> Sep 13 11:51:16 fpsft jk_chrootsh[7746]: now entering jail /home/jail
> for user mike (500)
> Sep 13 15:51:16 fpsft jk_lsh[7746]: jk_lsh version 2.1, started
> Sep 13 15:51:16 fpsft jk_lsh[7746]: WARNING: user mike (500) tried to
> run '/usr/libexec/openssh/sftp-server', which is not allowed according
> to /etc/jailkit/jk_lsh.ini
> Sep 13 11:51:16 fpsft sshd(pam_unix)[7745]: session closed for user mike
> 
> /etc/jailkit/jk_lsh.ini:
> ## example for a user
> [mike]
> paths= /usr/lib/ /usr/bin /usr/sbin
> executables= /usr/sbin/jk_lsh /usr/bin/scp /usr/bin/ssh
> /usr/libexec/openssh/sftp-server
> #allow_word_expansion = 0
> #umask = 002
> #
> ##example for a group, there should be only 1 space inbetween the words!
> #[group users]
> #paths = /usr/bin
> #executables = /usr/bin/cvs
> #allow_word_expansion = 0
> #environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/
> 
> /home/jail/etc/jailkit/jk_lsh is the same....
> 
> Thanks for all your help Keith....
> 
> Ps whether or not you use a leading "/" it just adds or not the slash in
> var/log/messages
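
A small check for the condition described in the reply above, as an added example that is not part of the original thread or of jailkit itself. It assumes, following the reply, that the `paths` directive must contain the directory of every entry in `executables`, and that the file to inspect is the one under the jail root, since jk_lsh resolves `/etc/jailkit/jk_lsh.ini` after the chroot. The sample configuration is constructed, and accepting both comma- and space-separated lists is an assumption.

```python
import os
import re

def parse_jk_lsh_ini(text):
    """Return {section: {key: [values]}} for a jk_lsh.ini-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out examples
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Assumption: tolerate comma- or whitespace-separated lists.
            items = [v for v in re.split(r"[,\s]+", value.strip()) if v]
            current[key.strip()] = items
    return sections

def uncovered_executables(ini_text):
    """Map each section to executables whose directory is not in paths."""
    report = {}
    for name, opts in parse_jk_lsh_ini(ini_text).items():
        allowed = {os.path.normpath(p) for p in opts.get("paths", [])}
        missing = [exe for exe in opts.get("executables", [])
                   if os.path.dirname(os.path.normpath(exe)) not in allowed]
        if missing:
            report[name] = missing
    return report

def jail_ini_path(jail_root):
    """The file jk_lsh actually reads once it runs inside the chroot."""
    return os.path.join(jail_root, "etc/jailkit/jk_lsh.ini")

# Constructed sample modelled on the [mike] section quoted in the thread.
BEFORE = """[mike]
paths = /usr/lib/, /usr/bin, /usr/sbin
executables = /usr/sbin/jk_lsh, /usr/bin/scp, /usr/libexec/openssh/sftp-server
"""
# Same section with the sftp-server directory added to paths.
AFTER = BEFORE.replace("/usr/sbin\n", "/usr/sbin, /usr/libexec/openssh/\n")

if __name__ == "__main__":
    print("inspect:", jail_ini_path("/home/jail"))
    print("before:", uncovered_executables(BEFORE))
    print("after: ", uncovered_executables(AFTER))
```

To check a live jail, read the file at `jail_ini_path("/home/jail")` and pass its contents to `uncovered_executables`.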



