Creating a chrooted SFTP environment with jailkit

jailkit official site
http://olivier.sessink.nl/jailkit/

Environment: AS4
#wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
#tar zxvf jailkit-2.5.tar.gz
#cd jailkit-2.5
#./configure
#make
#make install

Create the jail directory
#mkdir /home/jail
Create the initial permissions
#jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp
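The words after the jail path above (italicized in the original) are all available services; the corresponding sections can be found in /etc/jailkit/jk_init.ini
Create the user to be restricted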
#groupadd backup
#useradd -g backup -m john
#passwd john
Restrict the user to the jail
#jk_jailuser -m -j /home/jail john

If you run into this error:
ldconfig: Can’t open configuration file /etc/ld.so.conf: No such file or directory
edit /etc/jailkit/jk_init.ini
vi /etc/jailkit/jk_init.ini
# Add an ldconfig section
[ldconfig]
executables = /sbin/ldconfig
regularfiles = /etc/ld.so.conf

[uidbasics]
# this section probably needs adjustment on 64bit systems
# or non-Linux systems
# regularfiles = /etc/nsswitch.conf /etc/ld.so.conf
comment = common files for all jails that need user/group information
libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2
regularfiles = /etc/nsswitch.conf
# Remove /etc/ld.so.conf from regularfiles and add the line below
includesections = ldconfig

After these changes, the corresponding passwd entries look like this
#tail /etc/passwd
john:x:504:504::/home/jail/./home/john:/usr/sbin/jk_chrootsh

#cat /home/jail/etc/passwd
root:x:0:0:root:/root:/bin/bash
john:x:504:504::/home/john:/usr/sbin/jk_lsh
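
To confirm that the two passwd entries above agree, the following added check (not part of the original post or of jailkit) verifies that the host entry uses jk_chrootsh with a /./ home and that the jail's etc/passwd has a matching uid and in-jail home. The names check_jailed_user and JAIL_PREFIX are hypothetical; JAIL_PREFIX only lets the constructed demo run against a temporary directory instead of the real /home/jail.

```shell
#!/bin/sh
# Added example. check_jailed_user and JAIL_PREFIX are hypothetical names.
# Usage: check_jailed_user HOST_PASSWD_FILE USER
# Prints one line per problem; returns 0 only when the entries are consistent.
check_jailed_user() {
    user=$2 rc=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$1" 2>/dev/null || true)
    [ -n "$entry" ] || { echo "no host passwd entry for $user"; return 1; }
    uid=$(echo "$entry" | cut -d: -f3)
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)

    # Without jk_chrootsh as the host login shell the user is never chrooted.
    case $shell in
        */jk_chrootsh) ;;
        *) echo "host shell is $shell, not jk_chrootsh"; rc=1 ;;
    esac

    # The home is split at "/./": left part = jail root, right part = home in the jail.
    case $home in
        */./*) jail=${home%%/./*}; inner=/${home#*/./} ;;
        *) echo "home $home has no /./ separator"; return 1 ;;
    esac

    jpasswd="${JAIL_PREFIX:-}$jail/etc/passwd"
    jentry=$(awk -F: -v u="$user" '$1 == u' "$jpasswd" 2>/dev/null || true)
    [ -n "$jentry" ] || { echo "no entry for $user in $jail/etc/passwd"; return 1; }
    [ "$(echo "$jentry" | cut -d: -f3)" = "$uid" ] || { echo "uid differs in jail"; rc=1; }
    [ "$(echo "$jentry" | cut -d: -f6)" = "$inner" ] || { echo "jail home is not $inner"; rc=1; }
    return $rc
}

# Constructed demo: the two passwd entries shown in the post, in a temp directory.
JAIL_PREFIX=$(mktemp -d)
mkdir -p "$JAIL_PREFIX/home/jail/etc"
echo 'john:x:504:504::/home/jail/./home/john:/usr/sbin/jk_chrootsh' > "$JAIL_PREFIX/passwd"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'john:x:504:504::/home/john:/usr/sbin/jk_lsh' > "$JAIL_PREFIX/home/jail/etc/passwd"
check_jailed_user "$JAIL_PREFIX/passwd" john && echo "john: jail entries consistent"
```

On a real host, leave JAIL_PREFIX unset and pass /etc/passwd as the first argument.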

References:
http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
http://bemike.org/2007/12/14/jailkit.html
http://forums.opensuse.org/applications/390698-jailkit-install-problems.html
