Cow Computing » User Account http://www.cowcomputing.com Share Info about Cloud Computing & Programming Thu, 22 Jul 2010 17:10:24 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Jailkit – Limit User Account on Linux http://www.cowcomputing.com/2010/03/12/jailkit-limit-user-account-on-linux/ http://www.cowcomputing.com/2010/03/12/jailkit-limit-user-account-on-linux/#comments Fri, 12 Mar 2010 07:16:07 +0000 Steve http://www.cowcomputing.com/?p=201 There’s once I was required to setup a limited shell access user account on a commercial hardware product, in which to secure the original system from being modified and at the same time to provide a flexible environment for general work. I was on the way to make use of chroot command. Then i was lucky to came across Jailkit, which saved me a lot of time. So, i would like to use this post to give a little introduction on how to use it.

# First, let's create a directory for the jail account
mkdir /jail
chown root:root /jail

# Then we create a new user account specially for jail account
# *replace <group name>, <username>, <password> with your own value
groupadd <group name>
useradd -d /home/jail -g <group name> -p <password> <username>

# For example, if we only want to allow the jail account to have ssh and basic shell access
jk_init -v -j /jail basicshell ssh

# Then we shall jail the user account we previously created to the jail directory
jk_jailuser -m -j /jail <username>


Now the jail account and file system is ready, however if you want more control, we can do the following.

# OPTIONAL: Edit /jail/etc/passwd file and /jail/etc/group file to further limit the access
# The following further limit the user logged in jail account to have only access to bash
# Assume the jail user account & group = jail_user, and we edit the passwd file
jail_user:x:1016:1016:/home/jail:/bin/bash

# edit group file
jail_user:x:1016
]]> http://www.cowcomputing.com/2010/03/12/jailkit-limit-user-account-on-linux/feed/ 0