
Re: [Jailkit-users] Adding a user to jail


From: Paul Mitchell
Subject: Re: [Jailkit-users] Adding a user to jail
Date: Thu, 3 Sep 2009 14:56:16 -0400 (EDT)
User-agent: Alpine 2.00 (LRH 1167 2008-08-23)

On Thu, 3 Sep 2009, Olivier Sessink wrote:

an interactive shell is a shell like bash/ksh/etc. that waits for your input. jk_lsh is a shell that will only immediately start another executable given on the commandline. If it is started without an executable on the commandline it will give this error. What did you do that produced this log message?

Hello Olivier,

my command:
scp address@hidden:getit .

the error:

WARNING: user pmitchel (11782) tried to run 'scp -f getit', which is not allowed according to /etc/jailkit/jk_lsh.ini

or

scp test address@hidden:drop
address@hidden's password:
lost connection

Sep 3 18:49:08 elndz01m jk_lsh[24368]: WARNING: user pmitchel (11782) tried to run 'scp -t drop', which is not allowed according to /etc/jailkit/jk_lsh.ini



WARNING: user pmitchel (11782) tried to run 'scp -t drop', which is not allowed according to /etc/jailkit/jk_lsh.ini).

and my jk_lsh.ini is:

[pmitchel]
paths= /usr/lib/
executables= /usr/libexec/openssh/sftp-server, /usr/bin/scp, /usr/lib/sftp-server
allow_word_expansion = 0
umask = 002

I assume you are referring to /home/jail/etc/jailkit/jk_lsh.ini ? can you see if adding /usr/bin to 'paths' helps?

My current jk_lsh.ini looks like:

[pmitchel]
paths= /usr/bin, /usr/lib/
executables= /usr/bin/scp, /usr/lib/sftp-server, /usr/lib/openssh/sftp-server, /usr/libexec/openssh/sftp-server
allow_word_expansion = 0
umask = 002

As it turns out, my users are using an SSH/sftp client which jailkit doesn't allow in. (I can run sftp from a unix command line, however, and it works - but my users will be, for the most part, running Windows).


sftp is the primary purpose of the jailkit on this server, so I'm pretty
you can, just like normal groups. You need to copy the right pieces of /etc/group to <jail>/etc/group to make it work.

Ok, thanks.

just mount the NFS share inside the jail. If you want you can add 'noexec' and 'nosuid' mount options (not sure if these are valid for nfs mounts, but give it a try).

great, thanks. If I can get the scp/ssh option to work, then I can go on holiday! (to Ireland, yet).

Paul>

==============================================================================
        Paul Mitchell
        Enterprise Systems
        email: address@hidden
        NOTE: new location: 440 Franklin, cubby 1213
        NOTE: new desk phone: 919 962-2521 (Is here!^)
==============================================================================
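
The suggestion in this thread (add /usr/bin to 'paths') can be reasoned about with a small model of the allow-list check. The following is an added example, not Jailkit's code and not part of the original message; it assumes that a bare command name is searched for in the `paths` directories and that the resolved file must also be listed in `executables`. The function name `check` and the `JAIL_FILES` set are hypothetical.

```python
import configparser
import posixpath
import shlex

# Constructed samples: the two [pmitchel] sections quoted in the message.
INI_BEFORE = """[pmitchel]
paths= /usr/lib/
executables= /usr/libexec/openssh/sftp-server, /usr/bin/scp, /usr/lib/sftp-server
"""
INI_AFTER = """[pmitchel]
paths= /usr/bin, /usr/lib/
executables= /usr/bin/scp, /usr/lib/sftp-server, /usr/lib/openssh/sftp-server, /usr/libexec/openssh/sftp-server
"""
# Constructed: files assumed to exist inside the jail for this illustration.
JAIL_FILES = {"/usr/bin/scp", "/usr/libexec/openssh/sftp-server"}


def _csv(value):
    """Split a comma separated ini value into trimmed items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check(ini_text, user, command, jail_files=JAIL_FILES):
    """Return (allowed, resolved_path) for the command line handed to the shell."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    if not cfg.has_section(user):
        return False, None          # no section for this user: deny
    paths = _csv(cfg.get(user, "paths", fallback=""))
    allowed = {posixpath.normpath(p)
               for p in _csv(cfg.get(user, "executables", fallback=""))}
    argv = shlex.split(command)
    if not argv:
        return False, None          # started without an executable: deny
    exe = argv[0]
    # Assumption: absolute names are taken as-is, bare names searched in 'paths'.
    candidates = [exe] if "/" in exe else [posixpath.join(d, exe) for d in paths]
    for cand in map(posixpath.normpath, candidates):
        if cand in jail_files and cand in allowed:
            return True, cand
    return False, None


if __name__ == "__main__":
    for label, ini in (("before", INI_BEFORE), ("after", INI_AFTER)):
        for cmd in ("scp -f getit", "scp -t drop", "/bin/sh -c id"):
            print(label, repr(cmd), check(ini, "pmitchel", cmd))
```

Under this model, 'scp -f getit' is denied with the first configuration because `scp` cannot be found under /usr/lib/, and is resolved to /usr/bin/scp once /usr/bin is in `paths`.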




