Jailkit on Debian Jessie

Discussion in 'HOWTO-Related Questions' started by PacoW, Apr 30, 2015.

  1. PacoW

    PacoW New Member

    I followed this tutorial: How to create a jailed ssh user with Jailkit on Debian Wheezy
    Great tutorial for people like me who are new to Jailkit!

    I am using the recently released Debian 8.0.0 (Jessie) instead of Wheezy and I would like to place a few comments, except for chapter 4 because I skipped that one. I hope this list of comments is helpful to those using Debian Jessie, and of course to Srijan in order to rewrite this tutorial for Jessie.

    Automake Version
    Automake version 1.9 isn't available for Debian Jessie. I omitted the version number (so in fact I installed 1.14) and I didn't encounter any obvious problems (but then, I'm not a developer :)). My question: what is the reason for using automake1.9 in this tutorial? Should I use a different version than 1.14?

    Typo
    line: jk_init -v /opt/jail netutils basicshell jk_lsh openvpn ssh sftp
    /opt/jail
    should be /jail

    Debian Jessie Quirk
    line: ssh [email protected] (2nd attempt)

    On Debian Wheezy this works. When using Debian Jessie, it fails: "Connection to X closed." /var/log/auth.log gives a clue:

    jk_chrootsh[X]: path /jail/bin/ is group writable
    jk_chrootsh[X]: abort, /jail is not a safe jail, check ownership and permissions.


    The problem can be solved by executing the following command and trying again.

    chmod g-w /jail/bin

    This changes the rwxrwxr-x rights on /jail/bin to rwxr-xr-x, after which jk_chrootsh doesn't complain anymore and the jail works as expected.

    I was wondering... As the jk_init command copies some stuff from the host system to the jail, is my /bin dir (on the host) also group writable? It is. I don't know whether this is intended or not (I would like to know), so I decided to leave it as it is. Its group is root, so as long as no user is a member of group root, no one can write to the host's /bin directory.
     
    AnLuDoSa and till like this.
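
The condition behind the auth.log error in the post above, as an added example that is not part of the thread, the tutorial or Jailkit: a shell function (audit_jail is a hypothetical name) that lists a directory and its immediate subdirectories with the group-write bit set and, with --fix, applies the chmod g-w from the post. It assumes GNU find, as shipped on Debian, and generalizes the single /jail/bin case to every top-level directory of the jail.

```shell
#!/bin/sh
# Added example, not from the tutorial or Jailkit. Requires GNU find (Debian).
# audit_jail DIR [--fix]   (hypothetical helper name)
#   Prints "MODE PATH" for DIR and each directory directly below it whose
#   group-write bit is set, the condition jk_chrootsh reported in auth.log.
#   With --fix, runs the thread's fix (chmod g-w) on each hit.
#   Returns 0 if nothing is (still) group writable, 1 if something is, 2 on bad usage.
audit_jail() {
    dir=$1
    fix=${2:-}
    if [ ! -d "$dir" ]; then
        echo "audit_jail: not a directory: $dir" >&2
        return 2
    fi
    # -maxdepth 1: DIR itself plus bin, lib, etc.; -perm -020: group-write bit set.
    hits=$(find "$dir" -maxdepth 1 -type d -perm -020 -printf '%m %p\n' | sort -k2)
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    [ "$fix" = "--fix" ] || return 1
    # Paths are read line by line; directory names containing newlines are not supported.
    printf '%s\n' "$hits" | while read -r _mode path; do
        chmod g-w -- "$path"
    done
    # Re-check so the exit status reflects the state after the fix.
    [ -z "$(find "$dir" -maxdepth 1 -type d -perm -020 -print)" ]
}

# Constructed demo: a throwaway directory standing in for /jail.
demo=$(mktemp -d)
mkdir "$demo/bin" "$demo/lib"
chmod 755 "$demo" "$demo/lib"
chmod 775 "$demo/bin"            # the rwxrwxr-x mode from the thread
audit_jail "$demo" --fix || echo "still group writable"
rm -rf "$demo"
```

Without --fix the function only reports, so it can also be pointed at the host's / to compare modes with the jail.
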
  2. T_Send

    T_Send New Member

    No worries about automake version - current from jessie repo is fine.
    I would recommend placing the jail dir in /home/jail instead of /jail or /opt/*, with the command jk_init -v -j /home/jail [sections]

    For more info, read:
    jk_init --help
    jk_jailuser --help
    jailkit homepage
     
    Last edited: Jun 3, 2015
  3. AnLuDoSa

    AnLuDoSa New Member

    Any ideas why Debian 8 changed the mode bits on /bin?
    When I first saw this, I thought I had made a mistake somewhere along the installation procedure.
     
