Cow Computing

10 Mar 12

Jailkit – Limit User Account on Linux

I was once required to set up a limited shell access user account on a commercial hardware product, in order to secure the original system from being modified and at the same time to provide a flexible environment for general work. I was on my way to using the chroot command. Then I was lucky to come across Jailkit, which saved me a lot of time. So, I would like to use this post to give a little introduction on how to use it.

# First, let's create a directory for the jail account
mkdir /jail
chown root:root /jail

# Then we create a new user account specifically for the jail
# *replace <group name> and <username> with your own values
groupadd <group name>
useradd -d /home/jail -g <group name> <username>
# Set the password interactively (useradd -p expects an already-hashed password, not plaintext)
passwd <username>

# For example, if we only want to allow the jail account to have ssh and basic shell access
jk_init -v -j /jail basicshell ssh

# Then we shall jail the user account we previously created to the jail directory
jk_jailuser -m -j /jail <username>


Now the jail account and file system are ready. If you want more control, you can do the following.

# OPTIONAL: Edit the /jail/etc/passwd and /jail/etc/group files to further limit access
# The following limits the user logged in to the jail account to bash only
# Assume the jail user account & group = jail_user, and we edit the passwd file
# (a passwd entry has 7 fields; the GECOS field is left empty here)
jail_user:x:1016:1016::/home/jail:/bin/bash

# edit group file (a group entry has 4 fields; the member list is left empty here)
jail_user:x:1016:
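
A consistency check for the hand-edited files above, as an added example that is not part of the original post or of Jailkit: it verifies the field counts in the jail's passwd and group files and that the user's shell, home and GID actually exist inside the jail. The function name `audit_jail_user` is hypothetical, and the demo tree at the end is constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original post): audit one user's entry in a jail.
# audit_jail_user <jail root> <user> <expected shell>
# Prints findings; returns 0 if clean, 1 otherwise.
audit_jail_user() {
    jail=$1; user=$2; want=$3; rc=0
    pw=$jail/etc/passwd; gr=$jail/etc/group

    # passwd(5) has 7 colon-separated fields, group(5) has 4.
    awk -F: 'NF != 7 { printf "passwd line %d: %d fields, expected 7\n", NR, NF; bad = 1 }
             END { exit bad + 0 }' "$pw" || rc=1
    awk -F: 'NF != 4 { printf "group line %d: %d fields, expected 4\n", NR, NF; bad = 1 }
             END { exit bad + 0 }' "$gr" || rc=1

    # Take the user's well-formed entry; stop if there is none.
    entry=$(awk -F: -v u="$user" 'NF == 7 && $1 == u { print; exit }' "$pw")
    if [ -z "$entry" ]; then
        echo "$user: no well-formed entry in $pw"
        return 1
    fi
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    [ "$shell" = "$want" ] || { echo "$user: shell is $shell, expected $want"; rc=1; }
    # Paths in the jail's passwd are resolved relative to the jail root.
    [ -x "$jail$shell" ] || { echo "$user: $shell missing or not executable in jail"; rc=1; }
    [ -d "$jail$home" ] || { echo "$user: home $home missing in jail"; rc=1; }
    awk -F: -v g="$gid" '$3 == g { found = 1 } END { exit !found }' "$gr" ||
        { echo "$user: GID $gid not in $gr"; rc=1; }
    return $rc
}

# Constructed demo tree (sample values, not a real system).
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/bin" "$demo/home/jail"
printf '#!/bin/sh\n' > "$demo/bin/bash"; chmod +x "$demo/bin/bash"
printf 'jail_user:x:1016:1016::/home/jail:/bin/bash\n' > "$demo/etc/passwd"
printf 'jail_user:x:1016:\n' > "$demo/etc/group"
audit_jail_user "$demo" jail_user /bin/bash && echo "jail entry OK"
rm -rf "$demo"
```

On a real system, run it as `audit_jail_user /jail <username> /bin/bash` after editing the files.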