Simple & easy way to jail users


Score: 33
I need a simple and easy way to jail users in their home directories in Oneiric. Do you have a simple configuration for jailing users, with full help, or some good web links?
I would be offering an online free public server with 10 to 20 GB free space. I don't know how many users. I want to give them SSH and SFTP so that they can connect through FileZilla.
Tags: ssh, users, chroot
2nd update if users are not locked in home directories
– One Zero
Jan 10 '12 at 17:33
Then I believe you: 1. as mentioned by @Marco, you want to try ChrootDirectory for SSH; 2. you may want to go beyond the standard ways of doing things, as you need to scale this to handle "a lot" of storage, ...; 3. is SSH your best choice? Do people need SSH on your service? 4. Good luck.
– Ali
Jan 10 '12 at 18:10
I have another plan as well... for normal users we would be offering only SFTP with MySecureShell, that's very easy to handle.
– One Zero
Jan 10 '12 at 18:23
How can I remove this jail, e.g. (home/jail)? And when I add some jail section, e.g. jk_init -v -f /home/jail netutils, how will I remove this?
– user294399
Jun 17 '14 at 16:00
edited Jan 27 '14 at 14:05 by Braiam
asked Jan 6 '12 at 21:27 by One Zero
4 Answers
Score: 20 (accepted)
Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities than doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and its subdirectories.
Download & Install:
http://olivier.sessink.nl/jailkit/index.html#download
# cd /tmp
# wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
# tar -zxvf jailkit-2.17.tar.gz
# cd jailkit-2.17
# ./configure
# make
# make install
Setting up the jail
Now it's time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
# mkdir /home/jail
# chown root:root /home/jail
jk_init can be used to quickly create a jail with the files or directories needed for a specific task or profile (click on it and read the full details).
# jk_init -v /home/jail basicshell
# jk_init -v /home/jail netutils
# jk_init -v /home/jail ssh
# jk_init -v /home/jail jk_lsh
Add a user
Add a new user with a home directory and bash shell, and set the password:
# useradd -d /home/testuser -m testuser -s /bin/bash
# passwd testuser
Now it's time to jail this user; use the following command:
# jk_jailuser -m -j /home/jail testuser
Your /etc/passwd should contain something like this now:
testuser:x:1001:1001::/home/jail/./home/testuser:/usr/sbin/jk_chrootsh
Enable bash
By using jk_cp the bash libraries are copied to the jail:
# jk_cp -v -f /home/jail /bin/bash
Now edit the /home/jail/etc/passwd file and make sure it contains something like this:
testuser:x:1001:1001::/home/testuser:/bin/bash
Maintenance
By using jk_update, updates on the real system can be applied in the jail. A dry run will show what's going on:
# jk_update -j /home/jail -d
Without the -d argument the real update is performed. More maintenance operations can be found here.
Help Taken
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
http://olivier.sessink.nl/jailkit/index.html#intro (a very good help)
This one also
This has been checked & verified, working properly.
+1 very good. Highly recommend reading the links you mentioned above in the "Help Taken" section too.
– cwd
May 24 '13 at 22:41
This doesn't work on Ubuntu 13.10. When you try to finally log in you get the welcome message immediately followed by connection closed.
– Matt H
Feb 9 '14 at 23:52
Matt H: Make sure to follow the last two steps: copying the bash binaries and editing the /home/jail/etc/passwd file.
– ONOZ
May 20 '14 at 10:10
This either doesn't work anymore or something has changed since this tutorial was put up. I'm getting exactly the same problems as MattH.
– James Heald
Oct 14 '14 at 21:15
I also had the connection closed issue immediately after the welcome message. I changed the login shell within the chroot passwd file from jk_lsh to bash, as read here: linuxquestions.org/questions/linux-software-2/… It is not a solution but a workaround!
– Attila Fulop
Feb 26 '15 at 15:30
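Added example, not from the answer above or from the Jailkit project: a Python consistency check for the two passwd entries the Jailkit procedure leaves behind, the real /etc/passwd line with `<jail>/./<home>` and jk_chrootsh, and the jail's own etc/passwd. It also flags the two causes behind the "welcome message, then connection closed" reports in the comments: a jail shell still set to jk_lsh, or a /bin/bash that was never copied in with jk_cp. The /home/jail and testuser paths are the answer's; the sample passwd lines are constructed, and jail_has is a hypothetical hook so the check can run on constructed data as well as on a live host.

```python
import os
from dataclasses import dataclass

# Jailkit's chroot shell, as it appears in the answer's /etc/passwd line.
JK_CHROOTSH = "/usr/sbin/jk_chrootsh"

@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    home: str
    shell: str

def parse_passwd(text):
    """Parse passwd(5) text into {name: PasswdEntry}; malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[0]:
            continue
        name, _pw, uid, gid, _gecos, home, shell = fields
        entries[name] = PasswdEntry(name, int(uid), int(gid), home, shell)
    return entries

def split_jail_home(home):
    """'/home/jail/./home/testuser' -> ('/home/jail', '/home/testuser'); None if not jailed."""
    if "/./" not in home:
        return None
    jail, inner = home.split("/./", 1)
    return jail, "/" + inner

def jail_root_ok(st_uid, st_mode):
    """A chroot root must be root-owned and writable by nobody else (Jailkit checks this too)."""
    return st_uid == 0 and (st_mode & 0o022) == 0

def check_jailed_user(outer, jail_passwd_text, jail_has):
    """Problems for one jk_chrootsh user (empty list = the two passwd files agree).
    outer: PasswdEntry from the real /etc/passwd; jail_passwd_text: <jail>/etc/passwd text;
    jail_has(path): hypothetical hook, True if `path` exists inside the jail."""
    problems = []
    parts = split_jail_home(outer.home)
    if parts is None:
        return [f"{outer.name}: home {outer.home!r} lacks the '<jail>/./<home>' marker"]
    jail, inner_home = parts
    inner = parse_passwd(jail_passwd_text).get(outer.name)
    if inner is None:
        return [f"{outer.name}: no entry in {jail}/etc/passwd"]
    if (inner.uid, inner.gid) != (outer.uid, outer.gid):
        problems.append(f"{outer.name}: uid/gid {inner.uid}:{inner.gid} in the jail, {outer.uid}:{outer.gid} outside")
    if inner.home != inner_home:
        problems.append(f"{outer.name}: jail passwd home {inner.home} != {inner_home}")
    if not jail_has(inner_home):
        problems.append(f"{outer.name}: {inner_home} does not exist under {jail}")
    # The "welcome message, then connection closed" symptom from the comments: the jail's
    # shell is still jk_lsh (Jailkit's limited shell, no interactive login) or was never jk_cp'd in.
    if os.path.basename(inner.shell) == "jk_lsh":
        problems.append(f"{outer.name}: jail shell is jk_lsh; set /bin/bash in {jail}/etc/passwd for a login shell")
    elif not jail_has(inner.shell):
        problems.append(f"{outer.name}: shell {inner.shell} missing inside the jail "
                        f"(jk_cp -v -f {jail} {inner.shell})")
    return problems

def audit(passwd_path="/etc/passwd"):
    """Check every jk_chrootsh user on this host -> {name: [problems]}."""
    with open(passwd_path) as f:
        outer_entries = parse_passwd(f.read())
    report = {}
    for entry in outer_entries.values():
        if entry.shell != JK_CHROOTSH:
            continue
        parts = split_jail_home(entry.home)
        jail = parts[0] if parts else ""
        jail_text = ""
        if jail and os.path.isfile(os.path.join(jail, "etc/passwd")):
            with open(os.path.join(jail, "etc/passwd")) as f:
                jail_text = f.read()
        problems = check_jailed_user(entry, jail_text, lambda p, j=jail: os.path.exists(j + p))
        if jail and os.path.isdir(jail):
            st = os.stat(jail)
            if not jail_root_ok(st.st_uid, st.st_mode):
                problems.append(f"{jail} must be root-owned and not group/world-writable")
        report[entry.name] = problems
    return report

# Constructed sample data mirroring the two passwd lines in the accepted answer.
SAMPLE_OUTER = "testuser:x:1001:1001::/home/jail/./home/testuser:/usr/sbin/jk_chrootsh\n"
SAMPLE_JAIL_BASH = "testuser:x:1001:1001::/home/testuser:/bin/bash\n"      # after "Enable bash"
SAMPLE_JAIL_LSH = "testuser:x:1001:1001::/home/testuser:/usr/sbin/jk_lsh\n"  # before that step
SAMPLE_JAIL_FILES = {"/bin/bash", "/home/testuser"}  # what jk_init + jk_cp left in the jail

def demo():
    """Run the check over the constructed samples: the finished jail and the jk_lsh case."""
    outer = parse_passwd(SAMPLE_OUTER)["testuser"]
    good = check_jailed_user(outer, SAMPLE_JAIL_BASH, SAMPLE_JAIL_FILES.__contains__)
    bad = check_jailed_user(outer, SAMPLE_JAIL_LSH, SAMPLE_JAIL_FILES.__contains__)
    return good, bad
```

demo() exercises the constructed samples offline; audit() reads the live /etc/passwd and each jail's etc/passwd on the host it runs on.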
Score: 6
You cannot confine them to /home, as they need access to the system binaries, bash, and the configuration files in /etc.
IMO the easiest method of securing users is to use AppArmor.
You make a hard link:
ln /bin/bash /usr/local/bin/jailbash
You add jailbash to /etc/shells.
You then assign jailbash as the user's shell, and then write an AppArmor profile for jailbash allowing minimal access.
sudo chsh -s /usr/local/bin/jailbash user_to_confine
You will have to write an AppArmor profile yourself, but I have a profile you could potentially start with:
http://bodhizazen.com/aa-profiles/bodhizazen/ubuntu-10.04/usr.local.bin.jailbash
"You cannot confine them to /home, as they need access to the system binaries, bash, and the configuration files in /etc." There is nothing stopping you from linking/copying files you feel they need.
– user606723
Jan 6 '12 at 21:52
Yes, you "can" do as user606723 suggests, but it is not so easy, and IMO of all the potential solutions the least practical or easy. Might as well build a chroot or use LXC. You copy a binary, then the libs. Often you will manually need to identify libs with ldd. This method takes a ton of work to set up. And then you have to keep the jail up to date: you will have to manually update (copy) the binaries/libs. Links might work better in terms of updates, but you still need to set them all up. Somehow I do not think this is what the OP had in mind. How then to keep them confined?
– Panther
Jan 6 '12 at 22:08
I think the whole point of the question was to point out tools to automate this process... like jailkit, a tool the OP mentions.
– user606723
Jan 6 '12 at 22:28
@bodhi.zazen, what do you think about this: debootstrap (oneiric), then make a container using lxc, using jailkit > user to container. What I did so far: I have debootstrapped a minimal oneiric, then used jailkit > working fine.
– One Zero
Jan 7 '12 at 14:44
You can use LXC for this task; beware that isolation is sometimes incomplete with LXC. As long as users do not have root access in the container you should be OK, and you may want to subscribe to the LXC mailing list.
– Panther
Jan 7 '12 at 15:06
Score: 1
It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:
Add to /etc/shells a new shell:
sudo -e /etc/shells
Add one line:
/bin/false
Save. For each user you want to deny ssh/sftp, change the user's shell:
sudo chsh -s /bin/false userx
Now userx cannot log in via ssh/sftp.
Install vsftpd:
sudo apt-get install vsftpd
Edit the config file:
sudo -e /etc/vsftpd.conf
And make some changes:
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
Save. Restart vsftpd:
sudo /etc/init.d/vsftpd restart
Well, I want to give them SSH + SFTP (connect through FileZilla).
– One Zero
Jan 7 '12 at 5:55
Score: 0
You could check out rbash as a shell for your users.
man bash
Search for the RESTRICTED SHELL section.
Or look on this page: http://linux.die.net/man/1/bash
Just be very careful with rbash; it is very easy to break out of and is sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You mean rbash?
– Karlson
Jan 6 '12 at 21:47
Yes, sorry, I fixed that. There was a blog several years ago where someone broke out of an rbash jail I set up, and I thought it was a tight, minimal jail. Took them less than 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
Can you please tell me how I configure it... jailbash
– One Zero
Jan 7 '12 at 13:24
Yes, man bash helps; using bash's restricted shell capabilities is simpler.
– c4f4t0r
Feb 26 '14 at 11:21
(accepted answer) edited Sep 23 '15 at 13:55 by PJunior; answered Feb 7 '12 at 13:24 by One Zero
edited Aug 22 '17 at 18:07
answered Jan 6 '12 at 21:38


Panther
75.3k10150257
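As an added example of the jailbash setup in this answer (my code, not Panther's, and the profile below is my own minimal starting point, not the one hosted at bodhizazen.com): shell helpers that verify the /etc/shells entry and the hard link, plus a profile writer. The tool list and paths are assumptions for an Oneiric-era layout (on merged-/usr releases the binaries live under /usr/bin).

```shell
# Added example, not Panther's code or profile.

# Is SHELL listed verbatim as a whole line in the shells file?
# usage: shell_registered /etc/shells /usr/local/bin/jailbash
shell_registered() {
    grep -qxF -- "$2" "$1"
}

# Does LINK share an inode with TARGET, i.e. is it the hard link made
# with `ln /bin/bash /usr/local/bin/jailbash`? A plain copy would go
# stale on the next bash security update; a hard link tracks it.
is_hardlink_of() {
    [ "$1" -ef "$2" ]
}

# Write a minimal AppArmor profile to PATH (assumed content, mine).
# The confined shell may run a few tools, which inherit the same
# profile (ix), and may touch only the user's own home. Anything not
# listed is denied and logged by AppArmor.
write_jailbash_profile() {
    cat > "$1" <<'EOF'
#include <tunables/global>

/usr/local/bin/jailbash {
  #include <abstractions/base>
  #include <abstractions/bash>

  /usr/local/bin/jailbash rix,
  # tools the user may run; ix keeps the child under this profile
  /bin/ls   rix,
  /bin/cat  rix,
  /bin/cp   rix,
  /bin/mv   rix,
  /bin/rm   rix,

  /etc/passwd r,
  /etc/bash.bashrc r,
  # own home only: no read access to other users' homes
  owner @{HOME}/ r,
  owner @{HOME}/** rw,
}
EOF
}

# The sequence from the answer, for reference (needs root):
#   ln /bin/bash /usr/local/bin/jailbash
#   echo /usr/local/bin/jailbash >> /etc/shells
#   write_jailbash_profile /etc/apparmor.d/usr.local.bin.jailbash
#   apparmor_parser -r /etc/apparmor.d/usr.local.bin.jailbash
#   chsh -s /usr/local/bin/jailbash user_to_confine
# Start with `aa-complain /usr/local/bin/jailbash` and watch the
# apparmor="DENIED" lines in the kernel log to see what the jail
# still needs before switching to enforce mode.
```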
up vote
1
down vote
It's difficult to guess what purpose you might want to accomplish. If it is to deny ssh/sftp while providing jailed access via FTP... easy:
Add to /etc/shells a new shell:
sudo -e /etc/shells
Add one line:
/bin/false
Save. For each user you want to deny ssh/sftp, change the user's shell:
sudo chsh -s /bin/false userx
Now userx cannot log in via ssh/sftp.
Install vsftpd:
sudo apt-get install vsftpd
Edit the config file:
sudo -e /etc/vsftpd.conf
And make some changes:
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
Save. Restart vsftpd:
sudo /etc/init.d/vsftpd restart
Well, I want to give them ssh + sftp (connect through FileZilla).
– One Zero
Jan 7 '12 at 5:55
answered Jan 6 '12 at 22:54
user8290
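An added example, not user8290's code: a function that writes a vsftpd.conf with the three settings from this answer plus the keys a chrooted setup needs in practice, and a check for the writable-home pitfall that stops logins once chroot_local_user=YES is set. Function names and the sample config are mine.

```shell
# Added example, not user8290's code. write_vsftpd_conf writes the
# answer's settings plus write_enable (it defaults to NO, so users
# could not upload without it). check_chroot_home flags the pitfall
# that vsftpd 2.3.5 and later refuse to chroot into a root directory
# the user can write, which blocks every login under
# chroot_local_user=YES; vsftpd 3.x accepts allow_writeable_chroot=YES
# to override that check.

write_vsftpd_conf() {
    cat > "$1" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
# Preferred fix for the writable-root refusal: make each home
# directory non-writable (chmod a-w) and give the user a writable
# subdirectory. Otherwise, on vsftpd 3.x, uncomment:
# allow_writeable_chroot=YES
EOF
}

# Value of KEY in CONF; the last definition wins, as vsftpd reads it.
conf_value() {
    grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-
}

# Print "no-chroot", "needs-allow_writeable_chroot" or "ok" for a
# local user whose home directory is HOME.
check_chroot_home() {
    conf=$1
    home=$2
    if [ "$(conf_value "$conf" chroot_local_user)" != "YES" ]; then
        echo no-chroot
        return 0
    fi
    # -prune keeps find on the directory itself; -perm -u=w tests the
    # owner write bit, the bit the usual chmod a-w workaround clears.
    if [ -n "$(find "$home" -prune -perm -u=w)" ] &&
       [ "$(conf_value "$conf" allow_writeable_chroot)" != "YES" ]; then
        echo needs-allow_writeable_chroot
    else
        echo ok
    fi
}
```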
up vote
0
down vote
You could check out rbash as a shell for your users.
man bash
Search for the RESTRICTED SHELL section, or look on this page: http://linux.die.net/man/1/bash
Just be very careful with rbash, it is very easy to break out of and sort of considered outdated. See blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash
– Panther
Jan 6 '12 at 21:43
@bodhi.zazen You mean rbash?
– Karlson
Jan 6 '12 at 21:47
Yes, sorry, I fixed that. There was a blog several years ago where someone broke out of a rbash jail I set up, and I thought it was a tight, minimal jail. Took them less than 5 minutes. Not had anyone break out of jailbash.
– Panther
Jan 6 '12 at 21:49
Can you please tell me how I configure it .... jailbash
– One Zero
Jan 7 '12 at 13:24
Yes, man bash helps; using bash restricted shell capabilities is simpler.
– c4f4t0r
Feb 26 '14 at 11:21
answered Jan 6 '12 at 21:33
Karlson
1,23611322