Provided by: jailkit_2.23-1_amd64 bug


       jk_uchroot - grant regular users the right to change root into certain directories


       jk_uchroot -j <jail> -x <executable>


       jk_uchroot  can be used to give regular users access to the chroot() system call in a safe
       way. jk_uchroot will only grant chroot into a jail if the configuration  file  lists  this
       user  and  jail  combination.  jk_uchroot will furthermore only grant access if the chroot
       jail is safe. Safe means that it is owned by uid 0 gid 0  and  not  writable  for  others,
       including the system directories such as  /bin, /lib, /dev/, /sbin, and /usr.

       jk_uchroot  needs certain elevated privileges to make the chroot(2) system call. Therefore
       it is setuid root. It will drop its root privileges immediately after making the  chroot()
       system  call.  Since  Jailkit 2.8 jk_uchroot may also use the CAP_SYS_CHROOT capability on
       systems that support capabilities, and then the setuid bit can be removed.

       allowed_jails = /srv/johnjail, /srv/commonjail
       skip_injail_passwd_check = 1

       [group users]
       allowed_jails = /srv/commonjail
       skip_injail_passwd_check = 1

       In the above example jk_uchroot is configured not to check  if  the  user  exists  in  the
       /etc/passwd file in the jails.




       jk_uchroot  logs  everything to syslog, please check the log files. Logging is sent to the
       LOG_AUTH facility with levels LOG_ERR and LOG_CRIT for  critical  errors,  LOG_NOTICE  for
       non-critical errors,  and LOG_INFO for normal events. On most systems the command grep jk_
       /var/log/* will give you the information you need.


       jailkit(8)   jk_check(8)    jk_chrootlaunch(8)    jk_chrootsh(8)    jk_cp(8)    jk_init(8)
       jk_jailuser(8)   jk_list(8)  jk_lsh(8)  jk_procmailwrapper(8)  jk_socketd(8)  jk_update(8)
       chroot(2) syslogd(8)


       Copyright (C) 2003, 2004, 2005, 2006, 2007, 2018 Olivier Sessink

       Copying and distribution of this file, with or without modification, are permitted in  any
       medium without royalty provided the copyright notice and this notice are preserved.