Add more applications to shell user Jailkit chroot

Discussion in 'Installation/Configuration' started by Poliman, May 17, 2017.

  1. Poliman

    Poliman Member

    I would like to add some extra commands for use by a shell user with a Jailkit chroot. In the Jailkit chroot app sections I added the sudo command for testing purposes, but it's not working. So I tried to add the path /usr/bin/sudo to Jailkit chrooted applications, but it still does not work. Is this command specific and will not work, or am I doing something wrong?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The jail gets created when you add the first ssh user or jailed cronjob to a new website. So if you want to test it, you have to create a new site and not just a new ssh user.
     
  3. Poliman

    Poliman Member

    I created a new site and a shell user some time ago. Today I would like to add some programs for this shell user. So is it impossible to edit an already created shell user (physically I can edit and put something into the input field, but the changes are not saved)?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The changes are saved, of course. But they do not affect existing jails, as they are for new jails only.

    If you want to add a command to an existing jail, use the jk_cp command.
     
  5. Poliman

    Poliman Member

  6. Jesse Norell

    Jesse Norell Well-Known Member

    Specify the path to the website's root directory (not to be confused with the document root), which you can find via 'ls -l /var/www/domain.tld':
    Code:
    # ls -l /var/www/domain.tld
    lrwxrwxrwx 1 root root 30 Jul 11  2015 /var/www/domain.tld -> /var/www/clients/client3/web8/
    
    # jk_cp -j /var/www/clients/client3/web8/ /usr/bin/sudo
    
    Also, the -k option creates hardlinks to files, which seems horrible from a security perspective; I'd not use it unless you know otherwise.
     
  7. Poliman

    Poliman Member

    Thanks, Jesse, for the answer. One more question, to be 100% sure: will this command give sudo only to the one shell user that belongs to the specific site? Will a second site for the same main user have the sudo command enabled too?
     
  8. Jesse Norell

    Jesse Norell Well-Known Member

    It adds the sudo command to that jail. A website can only be under one jail; shell users are assigned to a website, and you can add multiple shell users under one site (so all such users would have the same commands in their jail environment). If you add a second website under Sites > Websites > Add new Website, that will get a separate jail environment (ls -l /var/www/domain2.tld will show it pointing to a different web# directory under the same client#), and it will not have sudo added to it by default.
     
  9. Poliman

    Poliman Member

    Ok, got it. Thanks Jesse.
     
  10. Tagir

    Tagir New Member

    Hi!
    I don't want to create a new thread; same question. /Debian 9, ISPConfig 3.1.11, Jailkit/
    How do I enable the "which" command for a user? There is only:
    bash chmod cpio dd egrep fgrep gunzip ln mkdir more nano rm sed sleep tar true zcat
    cat cp date echo false grep gzip ls mktemp mv pwd rmdir sh sync touch uncompress
    for the user in /bin/bash. When I connect as the root user, the "which" command in /bin/bash exists.
    Thanks
     
  11. Jesse Norell

    Jesse Norell Well-Known Member

    If you only want it in one jailkit:
    Code:
    jk_cp -j /var/www/clients/client#/web#/ /usr/bin/which
    If you want it in all your jails, add it to a section in /etc/jailkit/jk_init.ini or in ispconfig's server config under 'Jailkit chrooted applications', then update all your jails (eg. use jk_updater_ispc).

    'which' is not listed as a bash builtin command, so it's not "in" /bin/bash; I'd suspect you are either running a different shell as root (maybe tcsh?) or maybe you just mean you can use the 'which' command (ie. `which which` would print /usr/bin/which).
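
The following shell functions are an added example, not part of the thread and not Jailkit or ISPConfig code. They report, for each site symlink under /var/www, whether a binary is absent from that site's jail, present as a copy, or present as a hard link to the host file (the -k case mentioned earlier in the thread). The function names and the optional host-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread and not Jailkit/ISPConfig code.
# Assumed layout (from the posts above): /var/www/<domain> is a symlink to
# /var/www/clients/client#/web#/, and that directory is the jail root.
# Usage after sourcing: audit_jails /var/www /usr/bin/sudo

# jail_status JAIL BINARY [HOSTROOT]  (HOSTROOT is a hypothetical test hook)
# Prints one of: absent | symlink | hardlink | copy
jail_status() {
    jail=${1%/}; bin=$2; host=${3:-}
    if [ -L "$jail$bin" ]; then
        # Do not follow it: an absolute target would resolve outside the jail.
        echo symlink
    elif [ ! -e "$jail$bin" ]; then
        echo absent
    elif [ "$jail$bin" -ef "$host$bin" ]; then
        # Same device and inode as the host file, as 'jk_cp -k' creates.
        echo hardlink
    else
        echo copy
    fi
}

# audit_jails WWWROOT BINARY [HOSTROOT]
# Prints one line per site: <domain> <jail root> <status>
audit_jails() {
    www=${1%/}; bin=$2; host=${3:-}
    for link in "$www"/*; do
        [ -L "$link" ] || continue       # site entries are symlinks; skip clients/
        root=$(readlink -f "$link") || continue
        [ -d "$root" ] || continue
        printf '%s %s %s\n' "${link##*/}" "$root" \
            "$(jail_status "$root" "$bin" "$host")"
    done
}
```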
     
  12. Tagir

    Tagir New Member

    Thanks a lot! It works ;)

    My mistake. /bin/which is the right path
     
