Jail is a chrooted environment using bash. its main use is to put it as shell for any user you want to be chrooted. To work propertly, you have to copy some libraries into the chrooted environment, so the user have some commands to work :) The environment is built using the script 'mkenv.sh' provided in this distribution
Version 1.0
Version 1.2 is available here !
just untar the package and do a 'make' ; next, you have to
select one of the mkenv files that are in the directory and
copy it into mkenv.sh. This file is tailored to each
environment. If your distribution has the right mkenv, jail
will run without problems, else, you shuould try it, and
if it doesn't work, you should send me the following logs:
1 (sh -x /usr/local/bin/mkenv /home/dummy 2>&1) > /tmp/mkenv.log
2 (strace /bin/bash 2>&1) /tmp/bash.log
3 the output of a login command with the chrooted environment
So I can customize mkenv.sh to this system. Mkenv.sh does a
copy of the libraries and files required for proper work in
the chrooted environment. If you tailor mkenv.sh for your
platform, please send me the new mkenv.sh, so I can put it
into the distribution.
if you want install it, type 'make install' as root.
The default install directory is '/usr/local/bin'.
If you want to change anything, you can edit Makefile and jail.c.
Next, add an user account. In the shell field of the password file,
put the 'jail' shell, just like that:
test:x:1000:1000:Test User,,,:/home/test:/usr/local/bin/jail
Note that the chrooted directory becomes /home/test ...
and you have setup propertly this directory, running the
script I provided, mkenv.sh, as root user, just like that:
# /usr/local/bin/mkenv.sh /home/test
And that is.
You can run it after doing the 'adduser' command and copy the skel
files if required.
*NEW*
A new feature has been added, *path splitting* so you can have
multiple users into a single chrooted environment
(useful for isolate groups of users) The use is simple
just use: /chroot_dir$/path_relative_to_it as home directory;
jail will chroot to /chroot_dir and then will change the user
home to /path_relative_to_it. Remember to use /chroot_dir
when pass the directory to mkenv.sh !
Example:
test:x:1002:1002:Test,,,:/home/chroot$/home/test:/usr/local/bin/jail
this will do a chroot in /home/chroot and changes to the
directory /home/chroot/home/test, so the user see "/home/test" as
is home directory.
Skel files:
You have to copy the skel files under /home/chroot/home/test
mkenv.sh:
You have to pass /home/chroot to mkenv.sh to make the
chroot environment.
To finish the setup, you have to make /home/chroot/home/test
by hand.
Under IRIX 6.5, the process being killed by itself. After a while tracing it, I discover in google that there is a bug in the execve() system call.
This version is 1.2 release. Currently pretty stable. The developement was done under a Linux box using debian potato 2.2 and gcc 2.95.3.
This version has been tested under linux, so if you change your platform, you have to change the mkenv.sh script so the right libraries and files will be copied. If you setup mkenv.sh for another platform, please send it to me, so I put it into the package. Now is reported to run on Debian Potato and Linux Caldera 7.0.
if Jail doesn't work in your sytem, you should send me the
following logs so I can customize mkenv.sh for it:
1 (sh -x /usr/local/bin/mkenv /home/dummy 2>&1) > /tmp/mkenv.log
2 (strace /bin/bash 2>&1) /tmp/bash.log
3 the output of a login command with the chrooted environment
4 the distribution name and release
5 the hardware platform
So I can customize mkenv.sh to this system. Mkenv.sh does a
copy of the libraries and files required for proper work in
the chrooted environment. If you tailor mkenv.sh for your
platform, please send me the new mkenv.sh, so I can put it
into the distribution.
Please feedback all questions, bugs, enhancenments and so on to assman@gsyc.inf.uc3m.es. Please check the Web Site (http://www.gsyc.inf.uc3m.es/~assman/jail/) for upgrades and more info !
Enjoy it. - Juan M. Casillas