Comments (5)
Add the following lines to your config file, and reinstall the jail.
dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server
from jail-shell.
I appreciate the response, however, these two lines don't make sense and I've been using Linux for at least 20 years.
Are you saying that /usr/lib/openssh needs to be owned by root:root and set to 0755 permissions?
And what is clink, and why, when I Google search for it, am I getting many references to Windows environment?
If I didn't know any better, you are expecting me to be working with Windows. I am trying to do this on a Linux server.
from jail-shell.
Use this command to edit the specific jail-shell config (test-jail is the jail name):
sudo jail-shell jail -e test-jail
and add those lines to the jail config, after that save and exit.
(this will add sftp-server to the jail.)
dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server
and then run the following command to reinstall the specific jail-shell
sudo jail-shell jail -i test-jail
from jail-shell.
Awesome!! that works, but not exactly what I wanted (but very, very close)
The goal is to ensure that when users sign in, they are dropped into their home directory. I am currently using for virtual web hosting, the /home//public_html and would like that for the sftp and forcing chroot type behavior so users cannot browse above this directory.
Like sftp, I would like users who use ssh to be dropped into their home directory. I would also like to see that they cannot browse above their /home// directory.
Can this be achieved with jail-shell and how?
Additionally, I am stumped as to what the proper permissions should be for /home and for /home/[user]/.
Mind you, I am using containerized Apache/PHP etc with a bind mount between the container's /var/www/html and the local host file system's /home/[user]/public_html. This is the ideal situation however if things need to be different to use the jail-shell system, I would be more than glad to adopt your methods or techniques.
TLDR; (Shorter description of needs)
- Need users locked to user directory.
- Need users with the ability to write to their home directory.
- Need recommended permissions for /home and /home/[user] (or change of structure as you would recommend and their permissions)
Your help is greatly appreciated. I just donated $30 USD to show my appreciation and if you can help me solve my problem you will be greatly rewarded as I can do so.
from jail-shell.
try the following config, this will map /home/[user] in jail /home/[user]
bind /home/%u/ /home/%u/ rw,nodev,noexec,nosuid
DESC:
bind a directory to jail
COMMAND:
bind [SRC] DEST OPTION
OPTION: rw,ro,dev,nodev,exec,noexec, refer to (man mount) for the parameter description
%u in path '[SRC] DEST' will be replaced as user name
EXAMPLE:
bind / ro,nodev,nosuid
bind /opt/ /opt/ ro,nodev,noexec
bind /opt/upload /opt/upload rw,nodev,noexec,nosuid
bind /opt/%u /opt/upload ro,nodev,noexec,nosuid
from jail-shell.
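A lint for the bind syntax quoted in the last comment, as an added example that is not part of the thread or of jail-shell itself: it reads a jail config on stdin, expands %u for a given user name, and reports binds that are not read-only and lack nodev, nosuid or noexec. The helper names lint_binds and sample_config, the /srv paths and the rule that a bind without ro counts as writable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint the `bind` lines of a jail-shell jail config.
# Syntax per the thread: bind [SRC] DEST OPTION, with %u replaced by the user name.
# lint_binds is a hypothetical helper, not a jail-shell command.

# Usage: lint_binds USER < jail-config
# Prints one line per writable bind that lacks nodev, nosuid or noexec.
lint_binds() (
    user=$1
    while read -r kw a b c; do
        [ "$kw" = "bind" ] || continue
        if [ -n "$c" ]; then
            src=$a; dest=$b; opts=$c      # bind SRC DEST OPTION
        else
            src=$a; dest=$a; opts=$b      # bind DEST OPTION (SRC omitted)
        fi
        # Assumption: anything not explicitly "ro" is treated as writable.
        case ",$opts," in *",ro,"*) continue ;; esac
        missing=""
        for flag in nodev nosuid noexec; do
            case ",$opts," in *",$flag,"*) ;; *) missing="$missing $flag" ;; esac
        done
        if [ -n "$missing" ]; then
            # Expand %u so the finding names the real paths for this user.
            src=$(printf '%s' "$src" | sed "s|%u|$user|g")
            dest=$(printf '%s' "$dest" | sed "s|%u|$user|g")
            printf '%s -> %s: writable bind lacks%s\n' "$src" "$dest" "$missing"
        fi
    done
)

# Constructed sample config: the lines from the thread plus one weak bind.
sample_config() {
    cat <<'EOF'
dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server
bind / ro,nodev,nosuid
bind /home/%u/ /home/%u/ rw,nodev,noexec,nosuid
bind /srv/%u /srv/upload rw,nodev
EOF
}

sample_config | lint_binds alice
```

The home-directory bind suggested in the thread passes; only the constructed /srv line is reported.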