jailkit official site: http://olivier.sessink.nl/jailkit/

Environment: AS4

    # wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz
    # tar zxvf jailkit-2.5.tar.gz
    # cd jailkit-2.5
    # ./configure
    # make
    # make install

Create the jail directory:

    # mkdir /home/jail

Create the initial jail setup:

    # jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp

The names after the jail path (italicized in the original post) are the available services; the corresponding sections can be found in /etc/jailkit/jk_init.ini.

Create the user to be restricted:

    # groupadd backup
    # useradd -g backup -m john
    # passwd john

Restrict the user:

    # jk_jailuser -m -j /home/jail john
If you hit this error:

    ldconfig: Can't open configuration file /etc/ld.so.conf: No such file or directory

edit /etc/jailkit/jk_init.ini:

    # vi /etc/jailkit/jk_init.ini

    # add an ldconfig section
    [ldconfig]
    executables = /sbin/ldconfig
    regularfiles = /etc/ld.so.conf

    [uidbasics]
    # this section probably needs adjustment on 64bit systems
    # or non-Linux systems
    # regularfiles = /etc/nsswitch.conf /etc/ld.so.conf
    comment = common files for all jails that need user/group information
    libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2
    regularfiles = /etc/nsswitch.conf
    # /etc/ld.so.conf removed from regularfiles; add the following line
    includesections = ldconfig
After the changes, the corresponding passwd entries look like this:

    # tail /etc/passwd
    john:x:504:504::/home/jail/./home/john:/usr/sbin/jk_chrootsh

    # cat /home/jail/etc/passwd
    root:x:0:0:root:/root:/bin/bash
    john:x:504:504::/home/john:/usr/sbin/jk_lsh
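The two passwd entries above have to agree with each other, so here is a consistency check as an added example (not part of the original post or of jailkit). The function names and the temporary demo files are assumptions made for illustration; the sample entries are constructed copies of the two john lines shown above.

```shell
#!/bin/sh
# Added example (not from jailkit): cross-check a jailed user's two passwd entries.
# jk_chrootsh chroots to the part of the host home field before "/./"; the part
# after it must match the user's home in the jail's own etc/passwd.

# pw_field FILE USER N -> Nth colon-separated field of USER's entry (empty if absent)
pw_field() { awk -F: -v u="$2" -v n="$3" '$1 == u { print $n; exit }' "$1"; }

# check_jail_user USER HOST_PASSWD JAIL_PASSWD
# Prints "ok: ..." and returns 0 when consistent, else prints the reason and returns 1.
check_jail_user() {
    user=$1; host_pw=$2; jail_pw=$3
    host_home=$(pw_field "$host_pw" "$user" 6)
    host_shell=$(pw_field "$host_pw" "$user" 7)
    [ -n "$host_shell" ] || { echo "FAIL: no entry (or empty shell) for $user in $host_pw"; return 1; }
    case $host_shell in
        */jk_chrootsh) ;;
        *) echo "FAIL: host shell is $host_shell, user is not jailed"; return 1 ;;
    esac
    case $host_home in
        */./*) ;;
        *) echo "FAIL: host home $host_home has no /./ jail marker"; return 1 ;;
    esac
    jail_root=${host_home%%/./*}      # e.g. /home/jail
    inner_home=/${host_home#*/./}     # e.g. /home/john
    jail_home=$(pw_field "$jail_pw" "$user" 6)
    [ -n "$jail_home" ] || { echo "FAIL: $user missing from $jail_pw"; return 1; }
    [ "$jail_home" = "$inner_home" ] ||
        { echo "FAIL: jail home $jail_home does not match $inner_home"; return 1; }
    [ "$(pw_field "$host_pw" "$user" 3)" = "$(pw_field "$jail_pw" "$user" 3)" ] ||
        { echo "FAIL: UID differs between host and jail passwd"; return 1; }
    echo "ok: jail=$jail_root home=$inner_home shell=$(pw_field "$jail_pw" "$user" 7)"
}

# Demo on constructed copies of the two entries shown on this page.
demo_dir=$(mktemp -d)
echo 'john:x:504:504::/home/jail/./home/john:/usr/sbin/jk_chrootsh' > "$demo_dir/host_passwd"
echo 'john:x:504:504::/home/john:/usr/sbin/jk_lsh' > "$demo_dir/jail_passwd"
check_jail_user john "$demo_dir/host_passwd" "$demo_dir/jail_passwd"
```

On a real system, pass /etc/passwd and /home/jail/etc/passwd as the second and third arguments.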

References:

    http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html
    http://bemike.org/2007/12/14/jailkit.html
    http://forums.opensuse.org/applications/390698-jailkit-install-problems.html