jailkit-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] jk not working (?) on SuSE 9.3

From: Stephen Tallowitz
Subject: Re: [Jailkit-users] jk not working (?) on SuSE 9.3
Date: Sat, 22 Oct 2005 16:07:47 +0200 
Hello Esad,

jk_lsh is not an interactive shell. You will have to use bash or something 
similar. To achieve that, use the following command when doing su:
su - testjail -c /bin/bash
This will tell "su" that you'd like to execute bash once logged in. Of course 
you will have to have an entry in /home/jail/etc/jailkit/jk_lsh.ini:

[testjail]
paths= /bin/
executables= /bin/bash
allow_word_expansion = 0
umask = 002

Something more to watch out for: once you have passed control to /bin/bash by 
jk_lsh there is no preventing the user of calling any binary placed within the 
chroot (you are allowed to enter "ls" on the command line). For that you'd need 
an interactive shell which supports restriction of calling further binaries (I 
think there is such a mode in bash).
Something else I've noticed: you wrote that you entered "jk_addjailuser -m 
testjail". Was this just a typing error? The normal way of adding a jail-user 
is by typing "jk_addjailuser -m /home/jail testjail". If you leave out both 
directory and/or username it asks you for either the username or both directory 
and username (but never only for the directory).

Hope this helped you
Stephen

--- original message ---
On Sat, 22 Oct 2005 03:01:08 +0200
Esad Hajdarevic wrote:
> Hi everyone!
> 
> I've just installed the jk (cvs version!) and set-up everything as follows:
> 
> mdkir /home/jail
> jk_init /home/jail basicshell
> jk_init /home/jail jk_lsh
> 
> now I add the user testjail
> 
> jk_addjailuser -m testjail
> 
> and try su-ing to testjail:
> 
> su testjail
> 
> this is what I get in /var/log/messages:
> 
> jk_chrootsh[12789]: now entering jail /home/jail for user testjail (1007)
> 
> However, this never happens! The su just returns...
> 
> PS. Please include me in CC: when replying, as I'm not subscribed
> 
> Esad
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users

--- original message ends here ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]