Add more applications to shell user Jailkit chroot

Discussion in 'Installation/Configuration' started by Poliman, May 17, 2017.

  1. Poliman

    Poliman Member

    I would like to add some extra commands for use for shell user with jailkit chroot. In Jailkit chroot app sections I added sudo command for testing purposes but it's not working. So I tried add path /usr/bin/sudo to Jailkit chrooted applications but it still not works. Is this command specific and will not work and am I doing something wrong?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The jail gets created when you add the first ssh user or jailed cronjob to a new website. so if you want to test it, you have to create a new site and not just a new ssh user.
     
  3. Poliman

    Poliman Member

    Currently I have created new site some time ago and shell user. Today I would like add some programs for this shell user. So it's impossible to edit already created shell user (physically I can edit and put some into input field but changes are not saved)?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The changes are saved off course. But the do not affect existing jails as they are for new jails only.

    If you want to add a command to an existing jail, use the jk_cp command.
     
  5. Poliman

    Poliman Member

  6. Jesse Norell

    Jesse Norell Well-Known Member

    Specify the path to the website's root directory (not to be confused with the document root), which you can find via 'ls -l /var/www/domain.tld':
    Code:
    # ls -l /var/www/domain.tld
    lrwxrwxrwx 1 root root 30 Jul 11  2015 /var/www/domain.tld -> /var/www/clients/client3/web8/
    
    # jk_cp -j /var/www/clients/client3/web8/ /usr/bin/sudo
    
    Also the -k option creates hardlinks to files, which seems horrible from a security perspective, I'd not use it unless you know otherwise.
     
  7. Poliman

    Poliman Member

    Thanks Jesse for answer. One more question - for 100% sure - this command will give sudo only for one shell user which belongs to specific site? Second site for this same main user will have sudo command enabled too?
     
  8. Jesse Norell

    Jesse Norell Well-Known Member

    It adds the sudo command to that jail. A website can only be under one jail; shell users are assigned to a website, and you can add multiple shell users under one sites (so all such users would have the same commands in their jail environment). If you add a second website under Sites > Websites > Add new Website, that will get a separate jail environment (ls -l /var/www/domain2.tld will show it pointing to a different web# directory under the same client#), and it will not have sudo added to it by default.
     
    Poliman likes this.
  9. Poliman

    Poliman Member

    Ok, got it. Thanks Jesse.
     

Share This Page