jailer.conf(5) [debian man page]
JAILER(5) File Formats Manual JAILER(5) NAME
jailer.conf - configuration file of jailer SYNOPSIS
jailer.conf DESCRIPTION
jailer is a script for creating chrooted environments for Debian packages. jailer.conf is the configuration file for jailer.conf Every configuration definition has to start and end with a jail identifier, which should be unique and be in brackets. <apache> For example, an Apache chroot identifier should look like this: </apache> The identifier use needs to be closed. The configuration for the chroot instance is defined inside these identifiers. The following lines can be used to describe the con- figuration: Root: /var/chroot/apache This line describes the PATH of the chrooted enviroment. Conf: This line describes the PATH or PATH/filename which should be copied over to the chrooted environment. For example Conf: /etc/apache/* , which uses a wild card. Debs: This line contains the name of those Debian packages which should be installed into the chrooted environment. Junk-Debs: This line contains those deb packages which should not be installed into the chrooted environment. Junk: This line contains those files or directories which should not be installed. For example /lib/* means all files and links under /lib should not be installed, while /lib/libconsole.so.0.0.0 means a file which should not to be installed. Extra: This line contains those files or directories which should be installed into the chrooted environment. For example: /var/run will install that a directory which is needed for the chrooted service. WARNING
Do not configure your daemon inside your jail, because updatejail script will wipe out all the data inside the jail. If you would want to change any settings inside the jail, make the changes in the original location and then run updatejail . This makes it possible to place a jail even to a ramdisk. SEE ALSO
updatejail(8) jailer.conf(5), dpkg(8) AUTHOR
This manual page was written by Peter Holtzl <peter.holtzl@balabit.hu>. December 4, 2001 JAILER(5)
Check Out this Related Man Page
RSSH.CONF(5) Derek D. Martin RSSH.CONF(5) NAME
/etc/rssh.conf - configuration file for rssh OVERVIEW
rssh.conf is the configuration file for rssh. It allows the system administrator to control the behavior of the shell. Configuration key- words are either used by themselves on a line, or followed by an equal sign ('=') and a configuration value. Comments start with a hash ('#') and can occur anywhere on the line. Configuration options are case insensitive. Spaces at the beginning or end of line, or between the equal sign and the configuration keywords or values are ignored. If the value of a configuration option contains spaces, it (or at least the space) must be enclosed in either single or double quotes. A default configuration file is provided with the source distribution of rssh. If the configuration file is missing or contains errors, ssh will lock out all users. If a config file is present, the default is to lock out users if no services have been explicitly allowed. New in v2.1 is the ability to configure options on a per-user basis, using the user keyword. More details are below. CONFIGURATION KEYWORDS
allowscp Tells the shell that scp is allowed. allowsftp Tells the shell that sftp is allowed. allowcvs Tells the shell that cvs is allowed. allowrdist Tells the shell that rdist is allowed. allowrsync Tells the shell that rsync is allowed. allowsvnserve Tells the shell that svnserve is allowed. umask Sets the umask value for file creations in the scp/sftp session. This is normally set at login time by the user's shell. In order not to use the system default, rssh must set the umask. logfacility Allows the system administrator to control what syslog facility rssh logs to. The facilities are the same as those used by sys- logd.conf(5), or the C macros for the facilities can be used instead. For example: logfacility=user logfacility=LOG_USER are equivalent, and tell rssh to use the user facility for logging to syslog. chrootpath Causes rssh (actually a helper program) to call the chroot() system call, changing the root of the file system to whatever directory is specified. Note that the value on the right hand side of the equal sign is the name of a directory, not a command. For example: chrootpath=/usr/chroot will change the root of the virtual file system to /usr/chroot, preventing the user from being able to access anything below /usr/chroot in the file system, and making /usr/chroot appear to be the root directory. Care must be taken to set up a proper chroot jail; see the file CHROOT in the rssh source distribution for hints about how to do this. See also the chroot(2) man page. If the user's home directory (as specified in /etc/passwd) is underneath the path specified by this keyword, then the user will be chdir'd into their home directory. If it is not, then they will be chdir'd to the root of the chroot jail. In other words, if the jail is /chroot, and your user's home directory is /chroot/home/user, then once rssh_chroot_helper changes the root of the system, it will cd into /home/user inside the jail. However, if your user's home directory is given as /home/user in /etc/passwd, then even if that directory exists in the jail, the chroot helper will not try to cd there. The user's normal home directory must live inside the jail for this to work. user The user keyword allows for the configuration of options on a per-user basis. THIS KEYWORD OVERRIDES ALL OTHER KEYWORDS FOR THE SPECIFIED USER. That is, if you use a user keyword for user foo, then foo will use only the settings in that user line, and not any of the settings set with the keywords above. The user keyword's argument consists of a group of fields separated by a colon (':'), as shown below. The fields are, in order: username The username of the user for whom the entry provides options umask The umask for this user, in octal, just as it would be specified to the shell access bits Six binary digits, which indicate whether the user is allowed to use rsync, rdist, cvs, sftp, scp and svnserve, in that order. One means the command is allowed, zero means it is not. path The directory to which this user should be chrooted (this is not a command, it is a directory name). See chroot_path above for complete details. For example, you might have something like this: user = luser:022:000010: This does the following: for the user with the username "luser", set the umask to 022, disallow sftp, and allow scp. Because there is no chroot path specified, the user will not be chrooted, regardless of default options set with the keywords above. If you wanted this user to be chrooted, you would need to specify the chroot path explicitly, even if it should be the same as that set using the chrootpath keyword. Remember that if there are spaces in the path, you need to quote it, something like this: user = "luser:022:000010:/usr/local/chroot dir" See the default rssh.conf file for more examples. SEE ALSO
rssh(1), sshd(8), ssh(1), scp(1), sftp(1), svnserve(8), syslogd.conf(5), chroot(2). man pages 7 Jul 2003 RSSH.CONF(5)