From: Steve Mapes
Subject: Re: [Jailkit-users] How to allow a user from outside of jail to access a folder inside the jail?
Date: Fri, 14 Dec 2007 12:07:12 +0000
User-agent: Thunderbird 2.0.0.9 (Windows/20071031)

I gave that a try, but I still get access denied problems.

This is what I am trying to achieve:

/jailroot/home/user1
    The jailusers folder.

/jailroot/home/user1/upload
    The folder where they place items to be imported by the webuser account.
    Owner is user1, group is "jailusers" which includes user1 and webuser.

/www/uploads/user1
    A symlink to /jailroot/home/user1/upload/

When the user SCPs files to their "upload" folder the files will, of course, be available to them inside of the jail through their home folder, but also appear in the /www/uploads/user1 folder, where I want the webuser account to access them from outside of the jail.

The problem is that the webuser gets permission denied even though they are a member of the same group as the jailuser and the group has read/write access to the files.

This is how I created the jail in the first place; perhaps I've missed something out.

Create jail base

    mkdir /jailroot
    chown root:root /jailroot
    chmod 0755 /jailroot

Add main requirements

    jk_init -j /jail jk_lsh
    jk_init -j /jailroot scp

Add extra commands required by WinSCP

    jk_cp -v -f /home/jailroot /bin/bash
    jk_cp -v -f /home/jailroot /bin/cp
    jk_cp -v -f /home/jailroot /bin/mv
    jk_cp -v -f /home/jailroot /bin/mkdir
    jk_cp -v -f /home/jailroot /bin/rmdir
    jk_cp -v -f /home/jailroot /bin/rm

Create new "jailusers" group, adding in existing non-jailed "webuser"

    vi /etc/group

Create new jailed account, forcing group to "jailusers"

    adduser user1 -g XXXXX

Set initial password

    passwd user1

Add to jail user

    jk_jailuser -j /jailroot user1

Edit the config file (/jailroot/etc/jailkit/jk_lsh.ini)

    [user1]
    paths= /usr/bin
    executables= /usr/bin/scp

    [group jailusers]
    allowed_jails= /jailroot
    skip_injail_passwd_check= 1

Point the user to use the right shell (/bin/bash for WinSCP)

    vi /jailroot/etc/passwd

Restart jk_socketd

    killall jk_socketd
    jk_socketd

Create new uploads folder

    mkdir /jailroot/home/user1/upload

Set Owner + Initial permissions

    chown user1:jailuser /jailroot/home/user1/upload
    chmod 0660 upload

Create symlink for webuser to access the files from outside of the jail

    ln -s /jailroot/home/user1/upload /www/uploads/user1

Olivier Sessink wrote:
Steven Mapes wrote:
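Access through a symlink such as /www/uploads/user1 is decided by the mode bits of every directory on the resolved path: each parent needs the search (x) bit for the accessing user's class, and the target directory needs read plus search. The following is an added example, not part of the message above and not Jailkit code; the names `class_bits`, `first_denied` and `demo` are hypothetical, the directory tree is constructed, and the check assumes plain mode bits only (no ACLs, no root override).

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits that apply to uid/gids: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_denied(path, uid, gids, base="/"):
    """First component below base (an ancestor of path) that blocks uid/gids, or None."""
    real = os.path.realpath(path)      # follow symlinks to the real location
    base = os.path.realpath(base)
    rel = os.path.relpath(real, base)
    parts = [] if rel == "." else rel.split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        if not stat.S_ISDIR(st.st_mode):
            need = 4                   # plain file: read
        else:
            need = 5 if i == len(parts) - 1 else 1   # target: r+x, parent: x
        have = class_bits(st, uid, gids)
        missing = "".join(c for c, b in zip("rwx", (4, 2, 1)) if need & b and not have & b)
        if missing:
            return current, missing
    return None

def demo():
    """Constructed tree shaped like the layout in the message; returns (before, after)."""
    with tempfile.TemporaryDirectory() as root:
        d = root
        for name in ("jailroot", "home", "user1", "upload"):
            d = os.path.join(d, name)
            os.mkdir(d)
            os.chmod(d, 0o750)
        link = os.path.join(root, "uploads-user1")   # stands in for /www/uploads/user1
        os.symlink(d, link)
        st = os.stat(d)
        uid, gids = st.st_uid + 1, {st.st_gid}       # a second user sharing the group
        os.chmod(d, 0o660)                           # directory mode from the message
        before = first_denied(link, uid, gids, base=root)
        os.chmod(d, 0o770)                           # same directory with search bits
        return before, first_denied(link, uid, gids, base=root)
```

Calling `demo()` returns the blocking component and the missing bit for the 0660 case, then `None` once the directory carries the search bit for the group. On a real host, pass the symlink path with the numeric uid and group ids of the account being checked.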