[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Jailkit-users] Group management question

From: Al Sheldon
Subject: RE: [Jailkit-users] Group management question
Date: Wed, 16 Aug 2006 13:57:50 -0700


OK, I must be an idiot.  I don't know how to tell what version I am

I have tried everything I can think of to get it to work with group, but
if I change the group on the folder in the jail area it comes back with
an error message that the group must be 100, which is the users group.

If I set the group ownership to allow read write and execute it fails
and says it must not have open permission on the group setting.

I have no problem setting up a user and that one user can access their
jail area.  I cannot setup a second user to the same area because they
don't own it.

Of course root can get to anything, but that is not how I want to manage
this stuff, and I really need multiple users to a single area.

Can you give me an example of the /etc/passwd, /etc/group, and the
jk_lsh.ini that, and the permissions in the jail directory that work.  I
am obviously being very dense on this.


Al Sheldon
Systems Administrator
Jefferson Behavioral Health
PO Box 1870
Grants Pass, OR 97528
541.955.9565 (ext. 109)
541.955.9707 (fax)
541.761.5317 (cell)
Confidentiality Notice - The information contained in this electronic
mail and any attachments is intended for the sole use of the intended
recipient(s), and may contain confidential and privileged information
protected by laws of the State of Oregon and the United States of
America.  Any unauthorized review, use, disclosure or distribution is
prohibited by law.  If you are not the intended recipient, please notify
the sender by reply e-mail, and destroy all copies of the original
message from your computer.

-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of
Olivier Sessink
Sent: Tuesday, August 15, 2006 11:17 PM
To: address@hidden
Subject: Re: [Jailkit-users] Group management question

Al Sheldon wrote:
> I would like to setup a user who can access specific directories of
> specific Jail users, in other words a master to only a select set of
> users on the server.

you'll need to make the data readable for a certain group, make the
directory owned by that group and 'set group id on execution' so all
files will have that group, set the umask (option 'umask = 002' in
jk_lsh.ini inside the jail) and add the master user as member of that
group (in both /etc/group and <jail>/etc/group).

> However if I relax the group permissions I
> believe that the users would be able to view each others data?  And if
> change the group from users to something I create I cannot connect
> an error that the group is not set to users). 

on the most recent jailkit (not sure if that is possible in 2.0, perhaps
only in CVS), there are new options for jk_chrootsh
'relax_home_group_permissions=1', and 'relax_home_group=1', that allow
you to have different group ownership and different permissions on the
users home directories.


Jailkit-users mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]