cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1b6e355dec
openbsd-ports/security/jailkit/patches/patch-man_jk_lsh_8
sebastia 41e766dd7b Import jailkit-2.12: utilities for jailing a user or process 
Jailkit is a set of utilities to limit user accounts to specific
files using chroot() and or specific commands. Setting up a chroot
shell, a shell limited to some specific command, or a daemon inside
a chroot jail is a lot easier and can be automated using these utilities.

After merging in what ajacoutot@ already had, and some final feedback from 
him, OK ajacoutot@
2010-09-20 07:15:30 +00:00

51 lines
1.9 KiB
Plaintext
Raw Blame History

$OpenBSD: patch-man_jk_lsh_8,v 1.1.1.1 2010/09/20 07:15:31 sebastia Exp $
--- man/jk_lsh.8.orig Sun Feb 7 17:13:06 2010
+++ man/jk_lsh.8 Tue Sep 14 19:08:21 2010
@@ -12,7 +12,7 @@ jk_lsh \- a shell that limits the binaries it will exe
The jailkit limited shell jk_lsh is not an interactive shell. jk_lsh will only execute commands that are passed during startup (e.g. /bin/sh -c command) and will deny to start all but explicitly allowed commands. All other commands, or regular shell access are denied. This can be used to restrict an account to a specific use. For example, jk_lsh can be used to make rsync-, cvs-, sftp- or scp-only accounts, or even an account that can start firefox or opera but nothing else.
The allowed actions are read from
-.I /etc/jailkit/jk_lsh.ini
+.I ${SYSCONFDIR}/jailkit/jk_lsh.ini
If you run jk_lsh inside a changed root jail, make sure jk_lsh.ini is present inside that chroot jail.
.SH LIMITATIONS
@@ -33,19 +33,19 @@ An example config file for user test or group test is
.nf
.sp
[DEFAULT]
-executables = /usr/bin/scp, /usr/lib/sftp-server, /usr/bin/rsync
-paths = /usr/bin/, /usr/lib
+executables = /usr/bin/scp, /usr/libexec/sftp-server, ${LOCALBASE}/bin/rsync
+paths = /usr/bin/, /usr/libexec, ${LOCALBASE}/bin
allow_word_expansion = 1
[test]
-executables = /usr/bin/scp, /usr/lib/sftp-server
-paths = /usr/bin/, /usr/lib
+executables = /usr/bin/scp, /usr/libexec/sftp-server
+paths = /usr/bin/, /usr/libexec
allow_word_expansion = 0
umask = 002
[group test]
-executables = /usr/bin/rsync
-paths = /usr/bin/
+executables = ${LOCALBASE}/bin/rsync
+paths = ${LOCALBASE}/bin/
allow_word_expansion = 1
environment=TERM=linux,FOO=bar
.fi
@@ -71,9 +71,9 @@ The common way to use jk_lsh is to use it as default s
.BR jk_chrootsh(8)
.SH FILES
-.I /etc/jailkit/jk_lsh.ini
+.I ${SYSCONFDIR}/jailkit/jk_lsh.ini
.I /etc/passwd
-.I JAIL/etc/jailkit/jk_lsh.ini
+.I JAIL${SYSCONFDIR}/jailkit/jk_lsh.ini
.I JAIL/etc/passwd
.SH DIAGNOSTICS
Reference in New Issue View Git Blame Copy Permalink