I would like to add some extra commands for use for shell user with jailkit chroot. In Jailkit chroot app sections I added sudo command for testing purposes but it's not working. So I tried add path /usr/bin/sudo to Jailkit chrooted applications but it still not works. Is this command specific and will not work and am I doing something wrong?
The jail gets created when you add the first ssh user or jailed cronjob to a new website. so if you want to test it, you have to create a new site and not just a new ssh user.
Currently I have created new site some time ago and shell user. Today I would like add some programs for this shell user. So it's impossible to edit already created shell user (physically I can edit and put some into input field but changes are not saved)?
The changes are saved off course. But the do not affect existing jails as they are for new jails only. If you want to add a command to an existing jail, use the jk_cp command.
How should looks the path for sudo command as parameter of jk_cp command? Based on documentation https://olivier.sessink.nl/jailkit/jk_cp.8.html more less like Code: jk_cp -k -j /what/write/here /usr/bin/sudo
Specify the path to the website's root directory (not to be confused with the document root), which you can find via 'ls -l /var/www/domain.tld': Code: # ls -l /var/www/domain.tld lrwxrwxrwx 1 root root 30 Jul 11 2015 /var/www/domain.tld -> /var/www/clients/client3/web8/ # jk_cp -j /var/www/clients/client3/web8/ /usr/bin/sudo Also the -k option creates hardlinks to files, which seems horrible from a security perspective, I'd not use it unless you know otherwise.
Thanks Jesse for answer. One more question - for 100% sure - this command will give sudo only for one shell user which belongs to specific site? Second site for this same main user will have sudo command enabled too?
It adds the sudo command to that jail. A website can only be under one jail; shell users are assigned to a website, and you can add multiple shell users under one sites (so all such users would have the same commands in their jail environment). If you add a second website under Sites > Websites > Add new Website, that will get a separate jail environment (ls -l /var/www/domain2.tld will show it pointing to a different web# directory under the same client#), and it will not have sudo added to it by default.
Hi! Don't wont to create new thread, same question. /Debian 9, ISPConfig 3.1.11, Jailkit/ How to enable "which" command for user? There is only: bash chmod cpio dd egrep fgrep gunzip ln mkdir more nano rm sed sleep tar true zcat cat cp date echo false grep gzip ls mktemp mv pwd rmdir sh sync touch uncompress from user in /bin/bash. When I connect via root user "which" command in /bin/bash exist. Thanx
If you only want it in one jailkit: Code: jk_cp -j /var/www/clients/client#/web#/ /usr/bin/which If you want it in all your jails, add it to a section in /etc/jailkit/jk_init.ini or in ispconfig's server config under 'Jailkit chrooted applications', then update all your jails (eg. use jk_updater_ispc). 'which' is not listed as a bash builtin command, so it's not "in" /bin/bash; I'd suspect you are either running a different shell as root (maybe tcsh?) or maybe you just mean you can use the 'which' command (ie. `which which` would print /usr/bin/which).