Sending a user to jail!
I would like to allow someone to access my server via ssh and directly access the MySQL command line, but limit other access. Using jailkit on Centos7, it mostly works, but I have a few questions. Below are the steps I have taken (maybe a couple were done in slightly different order):
1a. Compile the software
Code:
yum group install "Development Tools"
Do I really need to add all those paths?
Code:
cat <<EOF | sudo tee /etc/jailkit/jk_init.ini
Code:
sudo jk_init -v -k -j /home/jail basicshell editors extendedshell netutils ssh sftp scp jk_lsh mariadb
Code:
sudo mkdir /home/jail/tmp
Code:
jk_cp -v -f /home/jail /bin/bash
Code:
sudo useradd testuser
Code:
root:x:0:0:root:/root:/bin/bash
Code:
bash: /usr/bin/id: No such file or directory
In testuser's root directory, .bashrc includes:
Code:
if [ -f /etc/bashrc ]; then
Code:
# By default, we want umask to get set. This sets it for non-login shell.
I also tried the following, but get the following errors. What is causing them?
Code:
jk_update -j /home/jail -d
Lastly, can I just delete the users and /home/jail, and then start over? |
Here are the rpms for centos 7. I'd use one of those: http://dries.eu/rpms/jailkit/jailkit
|
Thanks, but I would like to figure out why I am getting the /usr/bin/id warning. I've since started over and did it again in the exact order I showed, and everything works great, but I still get the warning.
|
The /usr/bin/id warning is because the id program is not in the relative jail path. This can probably be avoided by installing from a CentOS-specific rpm, as the install script is customized for CentOS.
The install script for a source package must work for any distro, and therefore might require much more manual customization. |
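Added example, not part of the thread: a shell function that lists the absolute program paths a jail's shell startup files call (such as the /usr/bin/id in the warning above) but that do not exist inside the jail. The function name, the default file list and the path-matching heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): report programs that a jail's shell
# startup files reference by absolute path but that are absent from the jail.
# Heuristic: only paths directly under /bin, /sbin, /usr/bin and /usr/sbin
# are considered; anything else (e.g. /usr/local/bin/...) is ignored.
#
# Usage: jail_missing_cmds /home/jail [startup-file ...]

jail_missing_cmds() {
    jail=${1%/}
    shift
    # Default startup files are an assumption; pass others as extra arguments.
    [ "$#" -gt 0 ] || set -- /etc/profile /etc/bashrc
    for f in "$@"; do
        # Paths are given as seen from inside the jail, so prefix the jail root.
        [ -r "$jail$f" ] || continue
        # Drop whole-line comments, split the rest into path-like tokens,
        # and keep only tokens that are complete program paths.
        grep -v '^[[:space:]]*#' "$jail$f" |
            tr -c 'A-Za-z0-9_./+-' '\n' |
            grep -E '^(/usr)?/s?bin/[A-Za-z0-9_.+-]+$' || true
    done | sort -u | while read -r prog; do
        # After chroot, $prog resolves relative to the jail root, so that is
        # where an executable copy has to exist.
        [ -x "$jail$prog" ] || echo "$prog"
    done
}
```

Each path it prints can either be copied into the jail with jk_cp, the way the original post copies /bin/bash, or the line that calls it can be removed from the jail's copy of the startup file.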
Maybe not warranted, but I try to limit the source I get software from. Also nice to get latest revs sometimes. Is it possible to tell from the rpms how it was compiled?
|
Try OPTFLAGS example here https://unix.stackexchange.com/quest...-is-built-with
|
Thanks chrism01. Looks like the rpm needs to be installed before checking OPTFLAGS.
AwesomeMachine's recommended link also has a build spec. Is this like a shell script to compile? It uses 2.15 where I used 2.19. There are also some logs. https://jenkins.driesrpms.eu/job/jai...-x86_64%20el7/.
Code:
[michael@devserver ~]$ rpm -q --queryformat="%{NAME}: %{OPTFLAGS}\n" jailkit-2.15-1.el7.rf.x86_64.rpm
Code:
# $Id$ |