Simple & easy way to jail users












33















I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?



I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.






ssh users chroot







share|improve this question

























  • 2nd update if users are not locked in home directories

    – One Zero
    Jan 10 '12 at 17:33











  • then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck

    – Ali
    Jan 10 '12 at 18:10






  • 1





    i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle

    – One Zero
    Jan 10 '12 at 18:23











  • How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?

    – user294399
    Jun 17 '14 at 16:00
















33















I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?



I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.






ssh users chroot







share|improve this question

























  • 2nd update if users are not locked in home directories

    – One Zero
    Jan 10 '12 at 17:33











  • then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck

    – Ali
    Jan 10 '12 at 18:10






  • 1





    i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle

    – One Zero
    Jan 10 '12 at 18:23











  • How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?

    – user294399
    Jun 17 '14 at 16:00














33












33








33


24






I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?



I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.






ssh users chroot







share|improve this question
















I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?



I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.






ssh users chroot




ssh users chroot






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 27 '14 at 14:05









Braiam

51.8k20136221




51.8k20136221










asked Jan 6 '12 at 21:27









One ZeroOne Zero

17.3k2272106




17.3k2272106













  • 2nd update if users are not locked in home directories

    – One Zero
    Jan 10 '12 at 17:33











  • then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck

    – Ali
    Jan 10 '12 at 18:10






  • 1





    i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle

    – One Zero
    Jan 10 '12 at 18:23











  • How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?

    – user294399
    Jun 17 '14 at 16:00



















  • 2nd update if users are not locked in home directories

    – One Zero
    Jan 10 '12 at 17:33











  • then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck

    – Ali
    Jan 10 '12 at 18:10






  • 1





    i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle

    – One Zero
    Jan 10 '12 at 18:23











  • How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?

    – user294399
    Jun 17 '14 at 16:00

















2nd update if users are not locked in home directories

– One Zero
Jan 10 '12 at 17:33





2nd update if users are not locked in home directories

– One Zero
Jan 10 '12 at 17:33













then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck

– Ali
Jan 10 '12 at 18:10





then I believe you 1-as mentioned by @Marco you want to try ChrootDirectory for SSH 2- you may want to go beyond the standard ways of doing things as you need to scale this to handle "a lot" of storage, ... 3- Is SSH your best choice? do people need SSH on your service? 4- Good luck

– Ali
Jan 10 '12 at 18:10




1




1





i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle

– One Zero
Jan 10 '12 at 18:23





i have other plan as well .... for normal users we would be offering only SFTP with MY SECURE SHELL , that's very easy 2 handle

– One Zero
Jan 10 '12 at 18:23













How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?

– user294399
Jun 17 '14 at 16:00





How can I remove this jail e.g.(home/jail)?<br> And when I add some jail section e.g. jk_init -v -f /home/jail netutils, how will I remove this?

– user294399
Jun 17 '14 at 16:00










4 Answers
4






active

oldest

votes


















22














Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.



Download & Install:



http://olivier.sessink.nl/jailkit/index.html#download



VERSION=2.20 # from November 2018

cd /tmp

wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz

tar -zxvf jailkit-$VERSION.tar.gz

cd jailkit-$VERSION/

./configure

make

su -

make install


Setting up the jail



Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:



mkdir /home/jail

chown root:root /home/jail


jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ). 



jk_init -v /home/jail basicshell

jk_init -v /home/jail netutils

jk_init -v /home/jail ssh

jk_init -v /home/jail jk_lsh


Add a user



Add a new user with a home directory and bash shell, and set the password:



useradd -d /home/jailtest -m jailtest -s /bin/bash

passwd jailtest


Now it’s time to jail this user



use the following command:



jk_jailuser -m -j /home/jail jailtest


Your /etc/passwd should contain something like this now:



jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh


Enable bash



By using jk_cp the bash libraries are copied to the jail:



jk_cp -v -f /home/jail /bin/bash


Edit /home/jail/etc/passwd



replace this line:



jailtest:x:1001:1001::test:/usr/sbin/jk_lsh


with this:



jailtest:x:1001:1001::/home/jailtest:/bin/bash


Maintenance



By using jk_update updates on the real system can be updated in the jail.



A dry-run will show what’s going on:



jk_update -j /home/jail -d


Without the -d argument the real update is performed. More maintenance operations can be found here.



(In case /home/jail/opt is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail again)



Give access to other directories



You can mount special folders, that the jail user may acces now. E.g.:



mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/


Help Taken




http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html



http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )



This one also



This is been checked & verified , Working Properly







share|improve this answer


























  • +1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too

    – cwd
    May 24 '13 at 22:41








  • 2





    This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.

    – Matt H
    Feb 9 '14 at 23:52











  • Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.

    – ONOZ
    May 20 '14 at 10:10






  • 2





    This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.

    – James Heald
    Oct 14 '14 at 21:15











  • I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!

    – Attila Fulop
    Feb 26 '15 at 15:30



















6














You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc



IMO the easiest method of securing users is to use apparmor.



You make a hard link



ln /bin/bash /usr/local/bin/jailbash


You add jailbash to /etc/shells



You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.



sudo chsh -s /usr/local/bin/jailbash user_to_confine


You will have to write an apparmor profile yourself, but I have a profile you could potentially start with



http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash






share|improve this answer


























  • You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc There is nothing stopping you from linking/copying files you feel they need.

    – user606723
    Jan 6 '12 at 21:52






  • 1





    Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?

    – Panther
    Jan 6 '12 at 22:08








  • 1





    I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.

    – user606723
    Jan 6 '12 at 22:28











  • @bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine

    – One Zero
    Jan 7 '12 at 14:44











  • you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.

    – Panther
    Jan 7 '12 at 15:06



















1














It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:



Add to /etc/shells a new shell:



sudo -e /etc/shells


Add one line:



/bin/false


Save. For each user you want to deny ssh/sftp, change the user's shell:



sudo chsh -s /bin/false userx


Now userx cannot log in via ssh/sftp.



Install vsftpd:



sudo apt-get install vsftpd


Edit the config file:



sudo -e /etc/vsftpd.conf


And some changes....



anonymous_enable=NO

local_enable=YES

chroot_local_user=YES


Save. Restart vsftpd:



sudo /etc/init.d/vsftpd restart





share|improve this answer
























  • well i m want to give them ssh + sftp (connect through filezilla)

    – One Zero
    Jan 7 '12 at 5:55



















0














You could check out rbash as a shell for your users.



man bash


Search for RESTRICTED SHELL section



Or look on this page http://linux.die.net/man/1/bash






share|improve this answer



















  • 3





    Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash

    – Panther
    Jan 6 '12 at 21:43













  • @bodhi.zazen You mean rbash?

    – Karlson
    Jan 6 '12 at 21:47











  • yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.

    – Panther
    Jan 6 '12 at 21:49











  • can u plz tell me how do i configure it ....jailbash

    – One Zero
    Jan 7 '12 at 13:24











  • yes, man bash helps, using bash restrited shell capabilities is more simply

    – c4f4t0r
    Feb 26 '14 at 11:21











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f93411%2fsimple-easy-way-to-jail-users%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























4 Answers
4






active

oldest

votes








4 Answers
4






active

oldest

votes









active

oldest

votes






active

oldest

votes









22














Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.



Download & Install:



http://olivier.sessink.nl/jailkit/index.html#download



VERSION=2.20 # from November 2018

cd /tmp

wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz

tar -zxvf jailkit-$VERSION.tar.gz

cd jailkit-$VERSION/

./configure

make

su -

make install


Setting up the jail



Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:



mkdir /home/jail

chown root:root /home/jail


jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ). 



jk_init -v /home/jail basicshell

jk_init -v /home/jail netutils

jk_init -v /home/jail ssh

jk_init -v /home/jail jk_lsh


Add a user



Add a new user with a home directory and bash shell, and set the password:



useradd -d /home/jailtest -m jailtest -s /bin/bash

passwd jailtest


Now it’s time to jail this user



use the following command:



jk_jailuser -m -j /home/jail jailtest


Your /etc/passwd should contain something like this now:



jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh


Enable bash



By using jk_cp the bash libraries are copied to the jail:



jk_cp -v -f /home/jail /bin/bash


Edit /home/jail/etc/passwd



replace this line:



jailtest:x:1001:1001::test:/usr/sbin/jk_lsh


with this:



jailtest:x:1001:1001::/home/jailtest:/bin/bash


Maintenance



By using jk_update updates on the real system can be updated in the jail.



A dry-run will show what’s going on:



jk_update -j /home/jail -d


Without the -d argument the real update is performed. More maintenance operations can be found here.



(In case /home/jail/opt is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail again)



Give access to other directories



You can mount special folders, that the jail user may acces now. E.g.:



mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/


Help Taken




http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html



http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )



This one also



This is been checked & verified , Working Properly







share|improve this answer


























  • +1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too

    – cwd
    May 24 '13 at 22:41








  • 2





    This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.

    – Matt H
    Feb 9 '14 at 23:52











  • Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.

    – ONOZ
    May 20 '14 at 10:10






  • 2





    This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.

    – James Heald
    Oct 14 '14 at 21:15











  • I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!

    – Attila Fulop
    Feb 26 '15 at 15:30
















22














Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.



Download & Install:



http://olivier.sessink.nl/jailkit/index.html#download



VERSION=2.20 # from November 2018

cd /tmp

wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz

tar -zxvf jailkit-$VERSION.tar.gz

cd jailkit-$VERSION/

./configure

make

su -

make install


Setting up the jail



Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:



mkdir /home/jail

chown root:root /home/jail


jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ). 



jk_init -v /home/jail basicshell

jk_init -v /home/jail netutils

jk_init -v /home/jail ssh

jk_init -v /home/jail jk_lsh


Add a user



Add a new user with a home directory and bash shell, and set the password:



useradd -d /home/jailtest -m jailtest -s /bin/bash

passwd jailtest


Now it’s time to jail this user



use the following command:



jk_jailuser -m -j /home/jail jailtest


Your /etc/passwd should contain something like this now:



jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh


Enable bash



By using jk_cp the bash libraries are copied to the jail:



jk_cp -v -f /home/jail /bin/bash


Edit /home/jail/etc/passwd



replace this line:



jailtest:x:1001:1001::test:/usr/sbin/jk_lsh


with this:



jailtest:x:1001:1001::/home/jailtest:/bin/bash


Maintenance



By using jk_update updates on the real system can be updated in the jail.



A dry-run will show what’s going on:



jk_update -j /home/jail -d


Without the -d argument the real update is performed. More maintenance operations can be found here.



(In case /home/jail/opt is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail again)



Give access to other directories



You can mount special folders, that the jail user may acces now. E.g.:



mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/


Help Taken




http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html



http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )



This one also



This is been checked & verified , Working Properly







share|improve this answer


























  • +1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too

    – cwd
    May 24 '13 at 22:41








  • 2





    This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.

    – Matt H
    Feb 9 '14 at 23:52











  • Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.

    – ONOZ
    May 20 '14 at 10:10






  • 2





    This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.

    – James Heald
    Oct 14 '14 at 21:15











  • I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!

    – Attila Fulop
    Feb 26 '15 at 15:30














22












22








22







Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.



Download & Install:



http://olivier.sessink.nl/jailkit/index.html#download



VERSION=2.20 # from November 2018

cd /tmp

wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz

tar -zxvf jailkit-$VERSION.tar.gz

cd jailkit-$VERSION/

./configure

make

su -

make install


Setting up the jail



Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:



mkdir /home/jail

chown root:root /home/jail


jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ). 



jk_init -v /home/jail basicshell

jk_init -v /home/jail netutils

jk_init -v /home/jail ssh

jk_init -v /home/jail jk_lsh


Add a user



Add a new user with a home directory and bash shell, and set the password:



useradd -d /home/jailtest -m jailtest -s /bin/bash

passwd jailtest


Now it’s time to jail this user



use the following command:



jk_jailuser -m -j /home/jail jailtest


Your /etc/passwd should contain something like this now:



jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh


Enable bash



By using jk_cp the bash libraries are copied to the jail:



jk_cp -v -f /home/jail /bin/bash


Edit /home/jail/etc/passwd



replace this line:



jailtest:x:1001:1001::test:/usr/sbin/jk_lsh


with this:



jailtest:x:1001:1001::/home/jailtest:/bin/bash


Maintenance



By using jk_update updates on the real system can be updated in the jail.



A dry-run will show what’s going on:



jk_update -j /home/jail -d


Without the -d argument the real update is performed. More maintenance operations can be found here.



(In case /home/jail/opt is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail again)



Give access to other directories



You can mount special folders, that the jail user may acces now. E.g.:



mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/


Help Taken




http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html



http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )



This one also



This is been checked & verified , Working Properly







share|improve this answer















Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities that doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and it subdirectories.



Download & Install:



http://olivier.sessink.nl/jailkit/index.html#download



VERSION=2.20 # from November 2018

cd /tmp

wget https://olivier.sessink.nl/jailkit/jailkit-$VERSION.tar.gz

tar -zxvf jailkit-$VERSION.tar.gz

cd jailkit-$VERSION/

./configure

make

su -

make install


Setting up the jail



Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:



mkdir /home/jail

chown root:root /home/jail


jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile, (click on it & read full detail ). 



jk_init -v /home/jail basicshell

jk_init -v /home/jail netutils

jk_init -v /home/jail ssh

jk_init -v /home/jail jk_lsh


Add a user



Add a new user with a home directory and bash shell, and set the password:



useradd -d /home/jailtest -m jailtest -s /bin/bash

passwd jailtest


Now it’s time to jail this user



use the following command:



jk_jailuser -m -j /home/jail jailtest


Your /etc/passwd should contain something like this now:



jailtest:x:1001:1001::/home/jail/./home/jailtest:/usr/sbin/jk_chrootsh


Enable bash



By using jk_cp the bash libraries are copied to the jail:



jk_cp -v -f /home/jail /bin/bash


Edit /home/jail/etc/passwd



replace this line:



jailtest:x:1001:1001::test:/usr/sbin/jk_lsh


with this:



jailtest:x:1001:1001::/home/jailtest:/bin/bash


Maintenance



By using jk_update updates on the real system can be updated in the jail.



A dry-run will show what’s going on:



jk_update -j /home/jail -d


Without the -d argument the real update is performed. More maintenance operations can be found here.



(In case /home/jail/opt is missing, create it with mkdir -p /home/jail/opt/
And run jk_update -j /home/jail again)



Give access to other directories



You can mount special folders, that the jail user may acces now. E.g.:



mount --bind /media/$USER/Data/ /home/jail/home/jailtest/test/


Help Taken




http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html



http://olivier.sessink.nl/jailkit/index.html#intro ( a very good help )



This one also



This is been checked & verified , Working Properly








share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 2 at 15:20









rubo77

14.9k2994200




14.9k2994200










answered Feb 7 '12 at 13:24









One ZeroOne Zero

17.3k2272106




17.3k2272106













  • +1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too

    – cwd
    May 24 '13 at 22:41








  • 2





    This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.

    – Matt H
    Feb 9 '14 at 23:52











  • Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.

    – ONOZ
    May 20 '14 at 10:10






  • 2





    This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.

    – James Heald
    Oct 14 '14 at 21:15











  • I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!

    – Attila Fulop
    Feb 26 '15 at 15:30



















  • +1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too

    – cwd
    May 24 '13 at 22:41








  • 2





    This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.

    – Matt H
    Feb 9 '14 at 23:52











  • Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.

    – ONOZ
    May 20 '14 at 10:10






  • 2





    This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.

    – James Heald
    Oct 14 '14 at 21:15











  • I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!

    – Attila Fulop
    Feb 26 '15 at 15:30

















+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too

– cwd
May 24 '13 at 22:41







+1 very good. highly recommend reading the links you mentioned above in the "Help Taken" section too

– cwd
May 24 '13 at 22:41






2




2





This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.

– Matt H
Feb 9 '14 at 23:52





This doesn't work on Ubuntu 13.10. When you try to finally login you get the welcome message immediately followed by connection closed.

– Matt H
Feb 9 '14 at 23:52













Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.

– ONOZ
May 20 '14 at 10:10





Matt H: Make sure to follow the last two steps; copying the bash binaries and editing the /home/jail/etc/passwd file.

– ONOZ
May 20 '14 at 10:10




2




2





This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.

– James Heald
Oct 14 '14 at 21:15





This either doesnt work anymore or something has changed since this tutorial was put up. Im getting exactly the same problems as MattH.

– James Heald
Oct 14 '14 at 21:15













I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!

– Attila Fulop
Feb 26 '15 at 15:30





I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash as read here linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!

– Attila Fulop
Feb 26 '15 at 15:30













6














You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc



IMO the easiest method of securing users is to use apparmor.



You make a hard link



ln /bin/bash /usr/local/bin/jailbash


You add jailbash to /etc/shells



You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.



sudo chsh -s /usr/local/bin/jailbash user_to_confine


You will have to write an apparmor profile yourself, but I have a profile you could potentially start with



http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash






share|improve this answer


























  • You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc There is nothing stopping you from linking/copying files you feel they need.

    – user606723
    Jan 6 '12 at 21:52






  • 1





    Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?

    – Panther
    Jan 6 '12 at 22:08








  • 1





    I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.

    – user606723
    Jan 6 '12 at 22:28











  • @bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine

    – One Zero
    Jan 7 '12 at 14:44











  • you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.

    – Panther
    Jan 7 '12 at 15:06
















6














You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc



IMO the easiest method of securing users is to use apparmor.



You make a hard link



ln /bin/bash /usr/local/bin/jailbash


You add jailbash to /etc/shells



You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.



sudo chsh -s /usr/local/bin/jailbash user_to_confine


You will have to write an apparmor profile yourself, but I have a profile you could potentially start with



http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash






share|improve this answer


























  • You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc There is nothing stopping you from linking/copying files you feel they need.

    – user606723
    Jan 6 '12 at 21:52






  • 1





    Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?

    – Panther
    Jan 6 '12 at 22:08








  • 1





    I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.

    – user606723
    Jan 6 '12 at 22:28











  • @bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine

    – One Zero
    Jan 7 '12 at 14:44











  • you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.

    – Panther
    Jan 7 '12 at 15:06














6












6








6







You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc



IMO the easiest method of securing users is to use apparmor.



You make a hard link



ln /bin/bash /usr/local/bin/jailbash


You add jailbash to /etc/shells



You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.



sudo chsh -s /usr/local/bin/jailbash user_to_confine


You will have to write an apparmor profile yourself, but I have a profile you could potentially start with



http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash






share|improve this answer















You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc



IMO the easiest method of securing users is to use apparmor.



You make a hard link



ln /bin/bash /usr/local/bin/jailbash


You add jailbash to /etc/shells



You then assign jailbash to the users shell, and then write an apparmor profile for jailbash allowing minimal access.



sudo chsh -s /usr/local/bin/jailbash user_to_confine


You will have to write an apparmor profile yourself, but I have a profile you could potentially start with



http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash







share|improve this answer














share|improve this answer



share|improve this answer








edited Aug 22 '17 at 18:07

























answered Jan 6 '12 at 21:38









PantherPanther

78.8k14157259




78.8k14157259













  • You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc There is nothing stopping you from linking/copying files you feel they need.

    – user606723
    Jan 6 '12 at 21:52






  • 1





    Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?

    – Panther
    Jan 6 '12 at 22:08








  • 1





    I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.

    – user606723
    Jan 6 '12 at 22:28











  • @bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine

    – One Zero
    Jan 7 '12 at 14:44











  • you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.

    – Panther
    Jan 7 '12 at 15:06



















  • You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc There is nothing stopping you from linking/copying files you feel they need.

    – user606723
    Jan 6 '12 at 21:52






  • 1





    Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?

    – Panther
    Jan 6 '12 at 22:08








  • 1





    I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.

    – user606723
    Jan 6 '12 at 22:28











  • @bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine

    – One Zero
    Jan 7 '12 at 14:44











  • you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.

    – Panther
    Jan 7 '12 at 15:06

















You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc There is nothing stopping you from linking/copying files you feel they need.

– user606723
Jan 6 '12 at 21:52





You can not confine them to /home as they need access to the system binaries and bash and configuration files in /etc There is nothing stopping you from linking/copying files you feel they need.

– user606723
Jan 6 '12 at 21:52




1




1





Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?

– Panther
Jan 6 '12 at 22:08







Yes you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use lxc. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date, you will have to manually update (copy) the binaries / libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined ?

– Panther
Jan 6 '12 at 22:08






1




1





I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.

– user606723
Jan 6 '12 at 22:28





I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.

– user606723
Jan 6 '12 at 22:28













@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine

– One Zero
Jan 7 '12 at 14:44





@bodhi.zazen . what u think about about this .. debootstrap (oneiric) then make a container using lxc . using jail kit > user to container > . what i did so far is i have debbootstrap oneiric minimum then used jailkit >working fine

– One Zero
Jan 7 '12 at 14:44













you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.

– Panther
Jan 7 '12 at 15:06





you can use LXC for this task, beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK and you may want to subscribe to the LXC mailing list.

– Panther
Jan 7 '12 at 15:06











1














It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:



Add to /etc/shells a new shell:



sudo -e /etc/shells


Add one line:



/bin/false


Save. For each user you want to deny ssh/sftp, change the user's shell:



sudo chsh -s /bin/false userx


Now userx cannot log in via ssh/sftp.



Install vsftpd:



sudo apt-get install vsftpd


Edit the config file:



sudo -e /etc/vsftpd.conf


And some changes....



anonymous_enable=NO

local_enable=YES

chroot_local_user=YES


Save. Restart vsftpd:



sudo /etc/init.d/vsftpd restart





share|improve this answer
























  • well i m want to give them ssh + sftp (connect through filezilla)

    – One Zero
    Jan 7 '12 at 5:55
















1














It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:



Add to /etc/shells a new shell:



sudo -e /etc/shells


Add one line:



/bin/false


Save. For each user you want to deny ssh/sftp, change the user's shell:



sudo chsh -s /bin/false userx


Now userx cannot log in via ssh/sftp.



Install vsftpd:



sudo apt-get install vsftpd


Edit the config file:



sudo -e /etc/vsftpd.conf


And some changes....



anonymous_enable=NO

local_enable=YES

chroot_local_user=YES


Save. Restart vsftpd:



sudo /etc/init.d/vsftpd restart





share|improve this answer
























  • well i m want to give them ssh + sftp (connect through filezilla)

    – One Zero
    Jan 7 '12 at 5:55














1












1








1







It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:



Add to /etc/shells a new shell:



sudo -e /etc/shells


Add one line:



/bin/false


Save. For each user you want to deny ssh/sftp, change the user's shell:



sudo chsh -s /bin/false userx


Now userx cannot log in via ssh/sftp.



Install vsftpd:



sudo apt-get install vsftpd


Edit the config file:



sudo -e /etc/vsftpd.conf


And some changes....



anonymous_enable=NO

local_enable=YES

chroot_local_user=YES


Save. Restart vsftpd:



sudo /etc/init.d/vsftpd restart





share|improve this answer













It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:



Add to /etc/shells a new shell:



sudo -e /etc/shells


Add one line:



/bin/false


Save. For each user you want to deny ssh/sftp, change the user's shell:



sudo chsh -s /bin/false userx


Now userx cannot log in via ssh/sftp.



Install vsftpd:



sudo apt-get install vsftpd


Edit the config file:



sudo -e /etc/vsftpd.conf


And some changes....



anonymous_enable=NO

local_enable=YES

chroot_local_user=YES


Save. Restart vsftpd:



sudo /etc/init.d/vsftpd restart






share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 6 '12 at 22:54







user8290




















  • well i m want to give them ssh + sftp (connect through filezilla)

    – One Zero
    Jan 7 '12 at 5:55



















  • well i m want to give them ssh + sftp (connect through filezilla)

    – One Zero
    Jan 7 '12 at 5:55

















well i m want to give them ssh + sftp (connect through filezilla)

– One Zero
Jan 7 '12 at 5:55





well i m want to give them ssh + sftp (connect through filezilla)

– One Zero
Jan 7 '12 at 5:55











0














You could check out rbash as a shell for your users.



man bash


Search for RESTRICTED SHELL section



Or look on this page http://linux.die.net/man/1/bash






share|improve this answer



















  • 3





    Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash

    – Panther
    Jan 6 '12 at 21:43













  • @bodhi.zazen You mean rbash?

    – Karlson
    Jan 6 '12 at 21:47











  • yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.

    – Panther
    Jan 6 '12 at 21:49











  • can u plz tell me how do i configure it ....jailbash

    – One Zero
    Jan 7 '12 at 13:24











  • yes, man bash helps, using bash restrited shell capabilities is more simply

    – c4f4t0r
    Feb 26 '14 at 11:21
















0














You could check out rbash as a shell for your users.



man bash


Search for RESTRICTED SHELL section



Or look on this page http://linux.die.net/man/1/bash






share|improve this answer



















  • 3





    Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash

    – Panther
    Jan 6 '12 at 21:43













  • @bodhi.zazen You mean rbash?

    – Karlson
    Jan 6 '12 at 21:47











  • yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.

    – Panther
    Jan 6 '12 at 21:49











  • can u plz tell me how do i configure it ....jailbash

    – One Zero
    Jan 7 '12 at 13:24











  • yes, man bash helps, using bash restrited shell capabilities is more simply

    – c4f4t0r
    Feb 26 '14 at 11:21














0












0








0







You could check out rbash as a shell for your users.



man bash


Search for RESTRICTED SHELL section



Or look on this page http://linux.die.net/man/1/bash






share|improve this answer













You could check out rbash as a shell for your users.



man bash


Search for RESTRICTED SHELL section



Or look on this page http://linux.die.net/man/1/bash







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 6 '12 at 21:33









KarlsonKarlson

1,23611322




1,23611322








  • 3





    Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash

    – Panther
    Jan 6 '12 at 21:43













  • @bodhi.zazen You mean rbash?

    – Karlson
    Jan 6 '12 at 21:47











  • yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.

    – Panther
    Jan 6 '12 at 21:49











  • can u plz tell me how do i configure it ....jailbash

    – One Zero
    Jan 7 '12 at 13:24











  • yes, man bash helps, using bash restrited shell capabilities is more simply

    – c4f4t0r
    Feb 26 '14 at 11:21














  • 3





    Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash

    – Panther
    Jan 6 '12 at 21:43













  • @bodhi.zazen You mean rbash?

    – Karlson
    Jan 6 '12 at 21:47











  • yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.

    – Panther
    Jan 6 '12 at 21:49











  • can u plz tell me how do i configure it ....jailbash

    – One Zero
    Jan 7 '12 at 13:24











  • yes, man bash helps, using bash restrited shell capabilities is more simply

    – c4f4t0r
    Feb 26 '14 at 11:21








3




3





Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash

– Panther
Jan 6 '12 at 21:43







Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash

– Panther
Jan 6 '12 at 21:43















@bodhi.zazen You mean rbash?

– Karlson
Jan 6 '12 at 21:47





@bodhi.zazen You mean rbash?

– Karlson
Jan 6 '12 at 21:47













yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.

– Panther
Jan 6 '12 at 21:49





yes, sorry I fixed that. There was a blog several years ago where someone broke our of a rbash jail I set up, and I though it was tight, minimal jail. Took them less then 5 minutes. Not had anyone break out of jailbash.

– Panther
Jan 6 '12 at 21:49













can u plz tell me how do i configure it ....jailbash

– One Zero
Jan 7 '12 at 13:24





can u plz tell me how do i configure it ....jailbash

– One Zero
Jan 7 '12 at 13:24













yes, man bash helps, using bash restrited shell capabilities is more simply

– c4f4t0r
Feb 26 '14 at 11:21





yes, man bash helps, using bash restrited shell capabilities is more simply

– c4f4t0r
Feb 26 '14 at 11:21


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f93411%2fsimple-easy-way-to-jail-users%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

How to change which sound is reproduced for terminal bell?

Image
3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
Read more

Can I use Tabulator js library in my java Spring + Thymeleaf project?

Image
0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
Read more

Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

Image
up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
Read more