Wednesday, March 2, 2011

jailkit

How to lock down a user with basic shell/editors/ssh access to a single subdirectory (Ubuntu 10.04).




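#Install
# Run everything below as root. The tarball comes over plain HTTP with no
# integrity check, so compare it with a known-good checksum if you have one.
wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.gz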
tar zxf jailkit*
cd jailkit-2.13
./debian/rules binary
cd ..
dpkg -i jailkit_2.13-1_*.deb
rm -rf jailkit-2.13*

#Setup
mkdir /jail
chown root:root /jail
jk_init -v /jail basicshell
jk_init -v /jail editors
jk_init -v /jail ssh

#Add user
adduser <user>
jk_jailuser -m -j /jail <user>

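#Bind home dir
mkdir -p /jail/home/<user>
chown <user>:<user> /jail/home/<user>
# mount -o bind <source> <target>: the jailed home becomes visible at /path/to/dir/,
# hiding whatever /path/to/dir/ held before. The mount does not survive a reboot
# unless it is also added to /etc/fstab.
mount -o bind /jail/home/<user> /path/to/dir/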
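
To check that the steps above took effect, the following script (an added example, not part of the original post or of jailkit) tests a passwd entry for the jailed shell and the `<jail>/./<path>` home that jk_jailuser writes, and tests that the jail root is root-owned and not group- or world-writable. It assumes the jail is /jail as above and that the package installs the shell as /usr/sbin/jk_chrootsh; the sample passwd lines are constructed.

```shell
#!/bin/sh
# Added example: audit the result of the jailkit setup above.
# Assumptions: jail root /jail, jailkit shell at /usr/sbin/jk_chrootsh.
JAIL=/jail
JK_SHELL=/usr/sbin/jk_chrootsh

# passwd_entry_jailed LINE
# Succeeds only if the passwd(5) line uses the jailkit shell and its home
# has the form <jail>/./<path> (the "/./" marks where the chroot ends).
passwd_entry_jailed() {
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    [ "$shell" = "$JK_SHELL" ] || return 1
    case $home in
        "$JAIL"/./?*) return 0 ;;
        *) return 1 ;;
    esac
}

# dir_locked_down DIR [UID]
# Succeeds only if DIR is a directory owned by UID (default 0, root)
# and is not writable by group or others.
dir_locked_down() {
    want=${2:-0}
    [ -d "$1" ] || return 1
    info=$(ls -ldn "$1" | awk '{print $1 " " $3}')
    mode=${info% *}     # e.g. drwxr-xr-x
    owner=${info#* }    # numeric uid
    [ "$owner" = "$want" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write set
    esac
    return 0
}

# Constructed sample passwd lines (not real accounts).
JAILED='alice:x:1001:1001::/jail/./home/alice:/usr/sbin/jk_chrootsh'
PLAIN='bob:x:1002:1002::/home/bob:/bin/bash'

for line in "$JAILED" "$PLAIN"; do
    if passwd_entry_jailed "$line"; then state='jailed'; else state='NOT jailed'; fi
    printf '%s: %s\n' "${line%%:*}" "$state"
done
if dir_locked_down "$JAIL"; then
    echo "$JAIL: root-owned, not group/world-writable"
else
    echo "$JAIL: missing, not root-owned, or group/world-writable"
fi
```

On a live system, feed it the real entry with `passwd_entry_jailed "$(getent passwd <user>)"`.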