Create fail-safe SSH access for customers with and without CageFS
  1. Stéphan Schamp
  2. Friday, 08 August 2014
mkdir -p /usr/share/cagefs-skeleton/usr/local/psa/bin/
cp -a /bin/bash /usr/share/cagefs-skeleton/usr/local/psa/bin/chrootsh
cagefsctl --force-update

This copies /bin/bash to /usr/local/psa/bin/chrootsh inside CageFS.
If a user gets excluded from CageFS his shell will still be chrooted, because it will default to /usr/local/psa/bin/chrootsh outside of CageFS.


sed -i 's#;shell = /usr/local/psa/bin/chrootsh#shell = /usr/local/psa/bin/chrootsh#' /usr/local/psa/admin/conf/site_isolation_settings.ini

This makes sure that customers can only select a chrooted shell, whether they are inside CageFS or not.
  1. 09.08.2014 11:08:42
  2. # 1
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
You need to use file system templates to add things like this:
http://docs.cloudlinux.com/index.html?file_system_templates.html
  1. 09.08.2014 11:08:26
  2. # 2
Stéphan Schamp Accepted Answer
Posts: 4
Joined: 31.07.2014
Hi Igor,

I know, I have already created a template for git.

But the issue here is that I want to create either:

a copy of ( /bin/bash or /usr/share/cagefs-skeleton/bin/bash ) or symlink /usr/share/cagefs-skeleton/bin/bash to /usr/share/cagefs-skeleton/usr/local/psa/bin/chrootsh

So that inside CageFS /usr/local/psa/bin/chrootsh is actually /bin/bash


These conditions may only be valid inside CageFS and will not exist outside of CageFS.
Outside of CageFS the /usr/local/psa/bin/chrootsh has to be the actual chroot shell binary.


I can't seem to find how to do this via templating (symlinking or providing an alternative 'destination name / path').
Any clues?

Thanks!
  1. 09.08.2014 11:08:39
  2. # 3
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
You cannot, and it will break on CageFS update. CageFS was meant to create a safe image that is virtually identical to real binaries. What you are doing was 'never meant to be'.
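
Added example, not part of the thread: a check to run after each `cagefsctl --force-update` or CageFS package update, since the reply above warns that the manual copy into the skeleton will break on update. It uses the paths quoted in the first post; the function names, the `--check` argument and the assumption that the ini file uses `key = value` lines with `;` comments are assumptions of this example.

```sh
#!/bin/sh
# Added example: verifies the two changes from the first post are still in place.
# Default paths are the ones quoted in the thread; override via environment.
SKEL="${SKEL:-/usr/share/cagefs-skeleton}"
INI="${INI:-/usr/local/psa/admin/conf/site_isolation_settings.ini}"
CHROOTSH="/usr/local/psa/bin/chrootsh"

# 0 if the skeleton still holds an executable file at the chrootsh path
# (a dangling symlink or a wiped directory fails this test).
skeleton_shell_ok() {
    [ -f "$1$CHROOTSH" ] && [ -x "$1$CHROOTSH" ]
}

# 0 only if exactly one active (uncommented) shell line exists and it is
# chrootsh; 1 if commented out, missing, or overridden; 2 if unreadable.
ini_shell_pinned() {
    [ -r "$1" ] || return 2
    active=$(grep -E '^[[:space:]]*shell[[:space:]]*=' "$1" |
        sed -E 's/^[[:space:]]*shell[[:space:]]*=[[:space:]]*//; s/[[:space:]]*$//')
    [ "$active" = "$CHROOTSH" ]
}

# Reports each failed condition; returns non-zero if either one fails.
check_chroot_setup() {
    rc=0
    if ! skeleton_shell_ok "$1"; then
        echo "FAIL: $1$CHROOTSH missing or not executable (skeleton rebuilt?)"
        rc=1
    fi
    if ! ini_shell_pinned "$2"; then
        echo "FAIL: $2 does not pin shell = $CHROOTSH"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: skeleton copy present and ini pins chrootsh"
    return "$rc"
}

# Run against the live paths only when asked to, e.g. from a cron job.
if [ "${1:-}" = "--check" ]; then
    check_chroot_setup "$SKEL" "$INI"
    exit $?
fi
```

A non-zero exit from `--check` can be wired to monitoring so a skeleton rebuild that drops the copy is noticed before a customer logs in.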