Hello to all. Today I wanted to give to a specific ssh user access to mysql. This user was created with jailkit chroot access on the server. What I did was to copy the necessary files from root to this user's folders. To be more speciic I did the following: 1. Copied /usr/bin/mysql to /var/www/clients/client1/webX/usr/bin/ 2. Copied /usr/lib/libmysqlclient.so.16 to /var/www/clients/client1/webX/usr/lib/. This file is a link, so I copied and the equivalent library file in the same folder 3. Copied /usr/lib/libstdc++.so.6 to /var/www/clients/client1/webX/usr/lib/. Same as above. 4. Copied /lib/libgcc_s.so.1 to /var/www/clients/client1/webX/lib/ By doing these steps, the user got access to the mysql, and only on his own domain database, as I wanted. What I would like to ask is if what I did was the right way to configure that, or there is a better way to do it. Thank you all for your time.
That procedure is ok. You used the "manual" way. The jailkit tools which are used in ispconfig have also a function to copy commands incl. their libraries into a jail: http://olivier.sessink.nl/jailkit/jk_cp.8.html
Is it still the right way to do it. And since it is a copy of the files, does it still work when mysql is updated ? Thanks.
The purpose of a jail is to create a copy of system files and limit the user to use only the files in that jail. Jailkit provides alaos commands to update the files inside the jail.
Thanks, so it means under Debian / Ubuntu you can't use unattended-upgrades and write instead a script that will first upgrade and then run the jail files update tool.
