jk_lsh(8)jk_lshjk_lsh(8)NAMEjk_lsh - a shell that limits the binaries it will execute
SYNOPSISjk_lsh-c command
DESCRIPTION
The jailkit limited shell jk_lsh is not an interactive shell. jk_lsh
will only execute commands that are passed during startup (e.g. /bin/sh
-c command) and will deny to start all but explicitly allowed commands.
All other commands, or regular shell access are denied. This can be
used to restrict an account to a specific use. For example, jk_lsh can
be used to make rsync-, cvs-, sftp- or scp-only accounts, or even an
account that can start firefox or opera but nothing else.
The allowed actions are read from /etc/jailkit/jk_lsh.ini If you run
jk_lsh inside a changed root jail, make sure jk_lsh.ini is present
inside that chroot jail.
LIMITATIONS
Some shells can process complex commandlines, such as command1 && com‐
mand2, or kill `ps |grep foo`. The limited shell jk_lsh cannot do any‐
thing like that, another shell should be used if you want enable such
features. It is not planned to include this in any future version.
OPTIONSjk_lsh can do word expansion such as *.txt expanding to each file that
ends with .txt. This is very useful when running rsync or scp with
jk_lsh. Option allow_word_expansion should be set to 1 in order to
allow this.
jk_lsh can also set environment variables. This is a comma separated
list with key=value pairs.
Options can be set for a specific user, for the primary group of a
user, or for all users in section DEFAULT.
EXAMPLE
An example config file for user test or group test is shown below
[DEFAULT]
executables = /usr/bin/scp, /usr/lib/sftp-server, /usr/bin/rsync
paths = /usr/bin/, /usr/lib
allow_word_expansion = 1
[test]
executables = /usr/bin/scp, /usr/lib/sftp-server
paths = /usr/bin/, /usr/lib
allow_word_expansion = 0
umask = 002
[group test]
executables = /usr/bin/rsync
paths = /usr/bin/
allow_word_expansion = 1
environment=TERM=linux,FOO=bar
If user test has primary group test, however, he can not execute rsync
in the above example. First the user section is checked, and only if no
user section is found the primary group section is looked for, and only
if no group section is found, the DEFAULT section is looked for. If no
section is found, jk_lsh aborts.
The executables entry specifies all executables that jk_lsh will exe‐
cute. The paths entry specifies in which directories jk_lsh will look
for these executables if no path is specified. The PATH environment
variable is ignored by jk_lsh. The allow_word_expansion if set to 1,
will make jk_lsh do word expansion (*, ?, ~, $) using wordexp(3) which
is very useful for remote commands like rsync server:./* . or scp
server:somedir/* /tmp/ umask if you want a specific umask
The common way to use jk_lsh is to use it as default shell for those
restricted accounts. It is recomended to run these accounts inside a
changed root using jk_chrootsh(8)FILES
/etc/jailkit/jk_lsh.ini /etc/passwd JAIL/etc/jailkit/jk_lsh.ini
JAIL/etc/passwd
DIAGNOSTICSjk_lsh logs errors to syslog, so check your log files. If you run
jk_lsh inside a changed root, you have to have a /dev/log in that
changed root. See jk_socketd(8) for more information how to do this.
SEE ALSOjailkit(8)jk_check(8)jk_chrootlaunch(8)jk_chrootsh(8)jk_cp(8)jk_init(8)jk_jailuser(8)jk_lsh(8)jk_procmailwrapper(8)jk_socketd(8)jk_uchroot(8)jk_update(8)chroot(2)COPYRIGHT
Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Olivier
Sessink
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
JAILKIT 07-02-2010 jk_lsh(8)
