jailkit-users

Re: [Jailkit-users] Using "rootsh" with jailkit


From: Olivier Sessink
Subject: Re: [Jailkit-users] Using "rootsh" with jailkit
Date: Wed, 29 Apr 2009 20:01:42 +0200
User-agent: Thunderbird 2.0.0.21 (X11/20090318)

Charley Marsh wrote:
> Hello! I have just found jailkit in my search for ways to restrict
> command execution to end-users, and it works great. I have a jail set up
> with a limited number of executables available and that seems to be
> working OK, and it was very easy to set up. Kudos!
> 
> My next step is to keep an audit log of all user activity. I have tried
> using the "script" command, but in a root jail I get the error message
> "openpty failed" and the command dies. I tried mounting /dev/pts and
> /proc filesystems inside the jail but that did not seem to help.
> 
> I have also tried using the "rootsh" command, but when I run that
> command as a user in a jail it comes back and says "i don't know who you
> are". Running the jk_list command as a non-jailed user, I see three
> things running under the user context "nobody" but nothing under the
> account that is in the jail. The user is set up to do the jk_chrootsh in
> /etc/passwd.
> 
> My real goal is to have an audit log of all activity by users inside the
> jail. My preference right now would be to get rootsh working, but if you
> know of a better way or one more suited to running in a chroot
> environment I am open to that as well. I apologize for listing too many
> issues in one thread but I am unsure on how to begin. I greatly
> appreciate any help!

In both cases you can debug the chroot jail with strace, as is described
here: http://olivier.sessink.nl/jailkit/howtos_debug_jails.html

This way you can find out which file is missing with script, or which
file is missing with rootsh. If you find the issue, please let us know;
we can adjust the default jk_init.ini to have a section for rootsh.

regards,
        Olivier
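The strace approach suggested above, written out as a small helper (an added example, not from the thread or from jailkit itself): it runs a command inside the jail under strace and reports the paths that failed with ENOENT, which are the candidates for copying into the jail. It assumes strace and GNU chroot are available on the host, that you run it as root, and the embedded trace is a constructed sample, not a real capture.

```shell
#!/bin/sh
# Constructed sample in the shape of `strace -f -e trace=file` output
# (not a real capture): some files resolve, others fail with ENOENT.
SAMPLE_TRACE='4242  execve("/usr/bin/script", ["script"], [/* 5 vars */]) = 0
4242  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4242  openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libutil.so.1", O_RDONLY|O_CLOEXEC) = 3
4242  openat(AT_FDCWD, "/dev/ptmx", O_RDWR|O_NOCTTY) = -1 ENOENT (No such file or directory)
4242  stat("/dev/pts", 0x7ffd1c2e3a40) = -1 ENOENT (No such file or directory)
4242  openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
4242  openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)'

# missing_files: read strace output on stdin and print each distinct path
# (the first quoted argument of a file syscall) that failed with ENOENT,
# one per line, in order of first appearance. Successful opens are skipped.
missing_files() {
    grep 'ENOENT' | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p' | awk '!seen[$0]++'
}

# trace_jail JAIL CMD [ARGS...]: run CMD inside the chroot at JAIL under
# strace -f (follows into the chrooted child) and list the missing files.
# Hypothetical helper: needs root plus strace and chroot on the host, and
# writes the raw trace to /tmp/jail.trace for closer inspection.
trace_jail() {
    jail=$1; shift
    strace -f -e trace=file -o /tmp/jail.trace \
        chroot "$jail" "$@" </dev/null >/dev/null 2>&1
    missing_files < /tmp/jail.trace
}

# Stand-alone demo over the constructed sample; for a real jail you would
# call e.g.: trace_jail /home/jail /usr/bin/script
printf '%s\n' "$SAMPLE_TRACE" | missing_files
# prints: /dev/ptmx, /dev/pts, /etc/passwd (each on its own line)
```

Compare the reported paths against the jail's jk_init.ini sections to see which section (or which new section for rootsh) would provide them.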