Tartalom
Adatok
Licenc:
Verziószám:
Fejlesztő/tulajdonos:
Rövid leírás:
A jk_init Linux parancs manual oldala és súgója. Nem könnyű feladat funkcionálisan beállítani egy chroot jail-t. Ha például azt szeretnénk, hogy a felhasználó futtathasson néhány parancsot, akkor a legtöbbször nem elég csak egyszerűen bemásolni a parancsok bináris fájljait a jail-ba, mert sok parancsnak szükségük van különböző függvénykönyvtárakra, valamint sok esetben a /dev alatti eszközökre is. Végül kell egy shell is, ami elindítja a parancsokat, stb. A jk_init parancs segítségével ezek a feladatok automatizálhatók.
Man oldal kimenet
man jk_init
jk_init(8) jk_init jk_init(8) NAME jk_init - a utility to quicky create functional jail directories SYNOPSIS jk_init -j jail section jk_init -v -f -k -j jail section DESCRIPTION It is not an easy task to setup a jail (a changed root) in a functional way. If you want the user to be able to run cvs for exam‐ ple, it will not work to simply copy the cvs binary into the users jail. You will find that cvs needs libraries as well. cvs also needs the /dev/null device. Finally you need something to start cvs: you need a shell too. And the shell might need files like /etc/passwd and /etc/nsswitch.conf. With jk_init you can automate these tasks. You can create a section in the configfile /etc/jailkit/jk_init.ini that has all the files, directories and devices, and you can use jk_init to setup such a jail with a single command. The default configfile has examples for cvs, sftp, scp, rsync and more for Debian and Ubuntu Linux. For other operating systems the defaults might need some (minor) updates. EXAMPLE An example configfile section might look like this: [jk_lsh] comment = Jailkit limited shell paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini users = root groups = root need_logsocket = 1 includesections = uidbasics [sftp] comment = ssh secure ftp with Jailkit limited shell paths = /usr/lib/sftp-server includesections = netbasics, uidbasics devices = /dev/urandom, /dev/null emptydirs = /svr The comment entry specifies the comment that is shown if jk_init option -l or --list is used. The paths entry specifies which files and directories need to be copied into the jail. Executables and libraries are checked for any required libraries, and these requirements are copied too. All files are created with user root as owner. The paths_w_owner entry specifies which paths need to be copied with their current ownership. This can be used to copy files that need to be writable by a server process that does not run as user root (for example database files). The users and groups entries specify which users and groups that need to be present in <jail>/etc/passwd. If the need_logsocket entry is set to "1" the jk_socketd.ini file is modified to include a /dev/log socket in this jail. The devices entry specifies which devices are required in the jail. The includesections entry spec‐ ifies which other sections need to be processed as well when processing the current section. In the above example, the jk_lsh section is automatically included if the sftp section is processed. Finally the emptydirs entry specifies which directories to create as empty directories. This can be useful to create for example mountpoints in the jail. DEPRECATED CONFIGFILE ENTRIES The entries executables , regularfiles , directories and libraries are all replaced by the entry paths. They are still sup‐ ported, but are handled similar to the paths entry. LIMITATIONS Many unix like operating systems install files in different locations. The default jk_init config file has defaults taken from Debian and Ubuntu. The default config file may not work on other platforms. You probably need to customise jk_init.ini for your platform and your applications. OPTIONS -f --force Force overwriting of existing files -v --verbose Will give verbose output -k --hardlink Try to create hardlinks instead of copying the files -c configfile --configfile=configfile Use alternative configfile -l --list List available sections in the config file -j --jail <jail> Specify the jail directory to operate on. -h --help The help screen FILES /etc/jailkit/jk_init.ini SEE ALSO jailkit(8) jk_check(8) jk_chrootlaunch(8) jk_chrootsh(8) jk_cp(8) jk_jailuser(8) jk_list(8) jk_lsh(8) jk_procmailwrapper(8) jk_socketd(8) jk_uchroot(8) jk_update(8) chroot(2) ldd(1) mknod(1) ln(1) chmod(1) mkdir(1) COPYRIGHT Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Olivier Sessink Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. JAILKIT 07-02-2010 jk_init(8)
Súgó kimenet
sudo jk_init --help
Usage: /usr/sbin/jk_init [OPTIONS] Usage: /usr/sbin/jk_init [OPTIONS] -j jaildir sections... -h --help : this help screen -c, --configfile=FILE : specify configfile location -l, --list : list all available sections in the configfile -j, --jail= : specify the jail to use. For backwards compatibility, if no jail is specified, the first argument after the options will be used as jail -v, --verbose : show what is being done -f, --force : force overwriting of existing files -k, --hardlink : use hardlinks if possible
Kapcsolódó tartalom
- 3 megtekintés