Chroot jails made simpler
jk_lsh
jk_lsh
is the limited shell to run within the chroot. You can implement it by listing jk_lsh
as the user's shell in either the system's or the chroot's /etc/passwd
file, although using the chroot's copy is more secure.
jk_socketd
Configured in /etc/jailkit/jk_socketd.ini
, this daemon lets jailed users log into the main system's syslog. It may not be necessary for many chroot purposes.
jk_chrootlaunch
This utility starts a daemon from the main system within a chroot. It may change the user and group ID before running the daemon in the jail. The daemon does not become accessible from within the chroot. For example:
jk_chrootlaunch -j /chroot -u bb -x 'service apache2 start'
would run Apache for user bb
in the jail in the /chroot
directory.
Buy this article as PDF
(incl. VAT)