Jail User


Jailkit is a set of utilities that can limit user accounts to a specific directory tree and to specific commands. Setting up a jail is much easier using the Jailkit utilities than doing so 'by hand'. A jail is a directory tree that you create within your file system; the user cannot see any directories or files that are outside the jail directory. The user is jailed in that directory and its subdirectories.
Jail a user to a directory

Download and configure Jailkit
```
# cd /tmp
# wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
# tar -zxvf jailkit-2.17.tar.gz
# cd jailkit-2.17
# ./configure
# make
# make install
```
Setting up the jail

Now it’s time to set up the jail directory. Jailed users will see this directory as the root directory of the server. I chose to use /home/jail:
Make a new directory to use as the jail:
```
# mkdir /home/jail
# chown root:root /home/jail

mkdir /var/www/html/vinit/nodejs_basic/
chown root:root /var/www/html/vinit/nodejs_basic/
```
jk_init can be used to quickly create a jail with several files or directories needed for a specific task or profile.
```
# jk_init -v /home/jail basicshell
# jk_init -v /home/jail netutils
# jk_init -v /home/jail ssh
# jk_init -v /home/jail jk_lsh

jk_init -v /var/www/html/vinit/nodejs_basic/ basicshell
jk_init -v /var/www/html/vinit/nodejs_basic/ netutils
jk_init -v /var/www/html/vinit/nodejs_basic/ ssh
jk_init -v /var/www/html/vinit/nodejs_basic/ jk_lsh
```
Add a user
Add a new user with a home directory and bash shell, and set the password:
```
# useradd -d /home/testuser -m testuser -s /bin/bash
# passwd testuser
useradd -d /home/nodejsuser -m nodejsuser -s /bin/bash
passwd nodejsuser
```
Now it’s time to jail this user. Use the following command:
```
# jk_jailuser -m -j /home/jail testuser
jk_jailuser -m -j /var/www/html/vinit/nodejs_basic/ nodejsuser
```
Your /etc/passwd should contain something like this now:

```
testuser:x:1001:1001::/home/jail/./home/testuser:/usr/sbin/jk_chrootsh
nodejsuser:x:1001:1001::/var/www/html/vinit/nodejs_basic/./home/nodejsuser:/usr/sbin/jk_chrootsh
```
Enable bash
By using jk_cp, the bash libraries are copied to the jail:
```
# jk_cp -v -f /home/jail /bin/bash
jk_cp -v -f /var/www/html/vinit/nodejs_basic/ /bin/bash
```
Now edit the /home/jail/etc/passwd file and make sure it contains something like this:
```
testuser:x:1001:1001::/home/testuser:/bin/bash
nodejsuser:x:1001:1001::/home/nodejsuser:/bin/bash
```
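To confirm that the steps above took effect, the following added example (not part of the original article or of Jailkit) reads a passwd file, finds the accounts whose shell is jk_chrootsh, and checks each jail: ownership of the jail root, the matching entry in the jail's etc/passwd, and that the shell named there exists inside the jail. The function names and the JAIL_OWNER variable are assumptions of this example, and the group/other-writable test is an extra check chosen here.

```sh
# Added example (not from the original page): audit Jailkit accounts.
# Assumption: the jail root should be owned by root, as the chown step sets it.
JAIL_OWNER=${JAIL_OWNER:-root}

# Print "user jail-root home-inside-jail" for each account using jk_chrootsh.
list_jailed() {
    awk -F: '$7 ~ /\/jk_chrootsh$/ {
        n = index($6, "/./")          # jk_jailuser marks the jail root with /./
        if (n == 0) { print $1, "-", "-"; next }
        print $1, substr($6, 1, n - 1), substr($6, n + 2)
    }' "$1"
}

# Check one jailed account; print each problem found, return 1 if any.
check_jail() {
    user=$1; jail=$2; home=$3; bad=0
    if [ "$jail" = "-" ]; then
        echo "$user: home directory has no /./ jail marker"; return 1
    fi
    if [ -n "$(find "$jail" -prune ! -user "$JAIL_OWNER" 2>/dev/null)" ]; then
        echo "$user: $jail is not owned by $JAIL_OWNER"; bad=1
    fi
    if [ -n "$(find "$jail" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "$user: $jail is writable by group or others"; bad=1
    fi
    # The passwd file inside the jail must list the user with the in-jail home.
    entry=$(awk -F: -v u="$user" '$1 == u' "$jail/etc/passwd" 2>/dev/null) || true
    if [ -z "$entry" ]; then
        echo "$user: no entry in $jail/etc/passwd"; return 1
    fi
    inner_home=$(printf '%s\n' "$entry" | cut -d: -f6)
    inner_shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    [ "$inner_home" = "$home" ] || { echo "$user: in-jail home is $inner_home, not $home"; bad=1; }
    # The shell named there must exist inside the jail (the jk_cp step).
    [ -x "$jail$inner_shell" ] || { echo "$user: $inner_shell not found in $jail"; bad=1; }
    return $bad
}

# Audit every jailed account in a passwd file (default: /etc/passwd).
audit_jails() {
    rc=0
    jailed=$(list_jailed "${1:-/etc/passwd}")
    while read -r u j h; do
        [ -n "$u" ] || continue
        check_jail "$u" "$j" "$h" || rc=1
    done <<EOF
$jailed
EOF
    return $rc
}
```

Source the file and run `audit_jails` as root; with no argument it reads /etc/passwd and returns non-zero if any jailed account fails a check.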
Maintenance
By using jk_update, updates on the real system can be applied to the jail. A dry run will show what’s going on:
```
# jk_update -j /home/jail -d
```



