Skip to content

用jailkit创建一个chroot环境的sftp

jailkit 官网 http://olivier.sessink.nl/jailkit/

环境as4 #wget http://olivier.sessink.nl/jailkit/jailkit-2.5.tar.gz #tar zxvf jailkit-2.5.tar.gz #cd jailkit-2.5 #./configure #make #make install

创建jail环境目录 #mkdir /home/jail 创建初始权限 #jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp 上面的斜体字都是可用的服务,可以在/etc/jailkit/jk_init.ini 中找到相应的部分 创建需限制的用户 #groupadd backup #useradd -g backup -m john #passwd john 限制该用户 #jk_jailuser -m -j /home/jail john

如果遇到错误 ldconfig: Can’t open configuration file /etc/ld.so.conf: No such file or directory 编辑/etc/jailkit/jk_init.ini vi /etc/jailkit/jk_init.ini #增加ldconfig [ldconfig] executables = /sbin/ldconfig regularfiles = /etc/ld.so.conf

[uidbasics]

this section probably needs adjustment on 64bit systems

or non-Linux systems

regularfiles = /etc/nsswitch.conf /etc/ld.so.conf

comment = common files for all jails that need user/group information libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss.so.2, /lib64/libnss.so.2 regularfiles = /etc/nsswitch.conf #去掉/etc/ld.so.conf增加下面一行

includesections = ldconfig

修改完成后相应的passwd如下 #tail /etc/passwd john:x:504:504::/home/jail/./home/john:/usr/sbin/jk_chrootsh

#cat /home/jail/etc/passwd root:x:0:0:root:/root:/bin/bash john:x:504:504::/home/john:/usr/sbin/jk_lsh

参考: http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html http://bemike.org/2007/12/14/jailkit.html http://forums.opensuse.org/applications/390698-jailkit-install-problems.html

Posted in linux 维护优化, 安全, 技术.

Tagged with , .

rev="post-356" No comments

By C1G 2008/11/10

No Responses (yet)

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.

« »