plucky (8) jk_init.8.gz

Provided by: jailkit_2.23-2_amd64 bug

NAME

       jk_init - a utility to quicky create functional jail directories

SYNOPSIS

       jk_init -j jail section

       jk_init -v -f -k -j jail section

DESCRIPTION

       It  is  not an easy task to setup a jail (a changed root) in a functional way. If you want
       the user to be able to run cvs for example, it will not work to simply copy the cvs binary
       into  the  users  jail. You will find that cvs needs libraries as well. cvs also needs the
       /dev/null device. Finally you need something to start cvs: you need a shell too.  And  the
       shell might need files like /etc/passwd and /etc/nsswitch.conf.

       With  jk_init  you  can  automate  these tasks. You can create a section in the configfile
       /etc/jailkit/jk_init.ini that has all the files, directories and devices, and you can  use
       jk_init  to  setup  such a jail with a single command. The default configfile has examples
       for cvs, sftp, scp, rsync and more for  Debian  and  Ubuntu  Linux.  For  other  operating
       systems the defaults might need some (minor) updates.

EXAMPLE

       An example configfile section might look like this:

       [jk_lsh]
       comment = Jailkit limited shell
       paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
       users = root
       groups = root
       need_logsocket = 1
       includesections = uidbasics

       [sftp]
       comment = ssh secure ftp with Jailkit limited shell
       paths = /usr/lib/sftp-server
       includesections = netbasics, uidbasics
       devices = /dev/urandom, /dev/null
       emptydirs = /svr

       The  comment  entry  specifies the comment that is shown if jk_init option -l or --list is
       used. The paths entry specifies which files and directories need to  be  copied  into  the
       jail.  Executables  and  libraries  are  checked  for  any  required  libraries, and these
       requirements are copied  too.  All  files  are  created  with  user  root  as  owner.  The
       paths_w_owner  entry specifies which paths need to be copied with their current ownership.
       This can be used to copy files that need to be writable by a server process that does  not
       run  as user root (for example database files). The users and groups entries specify which
       users and groups that need to be present in <jail>/etc/passwd. If the need_logsocket entry
       is  set  to  "1"  the jk_socketd.ini file is modified to include a /dev/log socket in this
       jail.  The  devices  entry  specifies  which  devices  are  required  in  the  jail.   The
       includesections  entry  specifies  which  other sections need to be processed as well when
       processing the current section. In the above example, the jk_lsh section is  automatically
       included  if  the  sftp  section is processed. Finally the emptydirs entry specifies which
       directories to create as empty directories. This can  be  useful  to  create  for  example
       mountpoints in the jail.

DEPRECATED CONFIGFILE ENTRIES

       The entries executables , regularfiles , directories and libraries are all replaced by the
       entry paths.  They are still supported, but are handled similar to the paths entry.

LIMITATIONS

       Many unix like operating systems install files in different locations. The default jk_init
       config  file  has  defaults  taken from Debian and Ubuntu. The default config file may not
       work on other platforms. You probably need to customise jk_init.ini for your platform  and
       your applications.

OPTIONS

       -f --force
              Force overwriting of existing files

       -v --verbose
              Will give verbose output

       -k --hardlink
              Try to create hardlinks instead of copying the files

       -c configfile --configfile=configfile
              Use alternative configfile

       -l --list
              List available sections in the config file

       -j --jail <jail>
              Specify the jail directory to operate on.

       -h --help
              The help screen

FILES

       /etc/jailkit/jk_init.ini

SEE ALSO

       jailkit(8)   jk_check(8)   jk_chrootlaunch(8)   jk_chrootsh(8)   jk_cp(8)   jk_jailuser(8)
       jk_list(8)  jk_lsh(8)  jk_procmailwrapper(8)  jk_socketd(8)   jk_uchroot(8)   jk_update(8)
       chroot(2) ldd(1) mknod(1) ln(1) chmod(1) mkdir(1)

       Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Olivier Sessink

       Copying  and distribution of this file, with or without modification, are permitted in any
       medium without royalty provided the copyright notice and this notice are preserved.