Re: [Jailkit-users] Group management question

[Olivier Sessink]

Al Sheldon wrote:
[..]
> I would like to setup a user who can access specific directories of
> specific Jail users, in other words a master to only a select set of
> users on the server.
[..]

you'll need to make the data readable for a certain group, make the
directory owned by that group and 'set group id on execution' so all
files will have that group, set the umask (option 'umask = 002' in
jk_lsh.ini inside the jail) and add the master user as member of that
group (in both /etc/group and <jail>/etc/group).

> However if I relax the group permissions I
> believe that the users would be able to view each others data?  And if I
> change the group from users to something I create I cannot connect (get
> an error that the group is not set to users). 

on the most recent jailkit (not sure if that is possible in 2.0, perhaps
only in CVS), there are new options for jk_chrootsh
'relax_home_group_permissions=1', and 'relax_home_group=1', that allow
you to have different group ownership and different permissions on the
users home directories.

regards,
        Olivier