Nov 8, 2011

Linux jail/lock/chroot users to homedir


Jailing, Chrooting, Locking users/applications...



Yes, they do give it a lot of names... but if all you want to do is create a user on your system and give him ssh/ftp access without exposing your whole system (in other words, jailing him), just follow these steps. I promise it will take no more than 5 minutes!


I have tested this myself on Ubuntu 10.04.


STEP 1
download & extract jailkit, then:
./configure
make
sudo make install

STEP 2
set up the jail path:
sudo mkdir /jail
sudo chown root:root /jail

STEP 3
define the environment
sudo jk_init -v /jail basicshell
sudo jk_init -v /jail editors
sudo jk_init -v /jail extendedshell
sudo jk_init -v /jail netutils
sudo jk_init -v /jail ssh
sudo jk_init -v /jail sftp
sudo jk_init -v /jail jk_lsh

STEP 4
add a user
sudo adduser dummy
sudo jk_jailuser -m -j /jail dummy
sudo mkdir -p /jail/home/dummy
sudo chown dummy:dummy /jail/home/dummy

VERIFY
/jail/etc/group should look like:
dummy:x:500:

/jail/etc/passwd should look like:
dummy:x:1001:500::/home/dummy:/bin/bash

Now log in via ssh/sftp as the dummy user. If you change directory to / you should see a small portion of a filesystem, but you won't be able to see the REAL system files.
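
The VERIFY step above can also be scripted. This is an added example, not part of the original post or of jailkit: it checks that the user's entry in the jail's passwd file points at a group, home directory and shell that actually exist inside the jail, and that the jail root from STEP 2 is root-owned and not writable by group or others. The function names are made up for this example, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not jailkit code); function names are made up for this post.
# Usage when saved to a file: sh <file> /jail dummy

# jail_root_safe JAIL: STEP 2 made the jail root root-owned; also confirm that
# group/others cannot write to it. Assumes GNU stat (as on Ubuntu).
jail_root_safe() {
    owner=$(stat -c %u "$1") || return 1
    mode=$(stat -c %a "$1") || return 1
    [ "$owner" = 0 ] || { echo "FAIL: $1 is not owned by root"; return 1; }
    case "$mode" in
        *[2367]?|*[2367]) echo "FAIL: $1 is group/other writable ($mode)"; return 1 ;;
    esac
    return 0
}

# check_jail_user JAIL USER: the by-eye VERIFY step, done mechanically.
check_jail_user() {
    jail=$1 user=$2 rc=0
    entry=$(grep "^$user:" "$jail/etc/passwd" 2>/dev/null | head -n 1)
    [ -n "$entry" ] || { echo "FAIL: $user missing from $jail/etc/passwd"; return 1; }
    gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    # The primary GID must resolve in the jail's own group file.
    cut -d: -f3 "$jail/etc/group" 2>/dev/null | grep -qx "$gid" \
        || { echo "FAIL: gid $gid not in $jail/etc/group"; rc=1; }
    # Home and shell are looked up relative to the jail root after the chroot.
    [ -d "$jail$home" ] || { echo "FAIL: $jail$home does not exist"; rc=1; }
    [ -x "$jail$shell" ] || { echo "FAIL: $jail$shell is not executable"; rc=1; }
    return $rc
}

# Run both checks only when a jail path and a user name are given.
if [ $# -ge 2 ]; then
    jail_root_safe "$1" && check_jail_user "$1" "$2" && echo "OK: $2 in $1"
fi
```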

Thanks to http://ubuntuforums.org/showthread.php?t=248724 !
