Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
jk_init(8)			    jk_init			    jk_init(8)

NAME
       jk_init - a utility to quicky create functional jail directories

SYNOPSIS
       jk_init -j jail section

       jk_init -v -f -k	-j jail	section

DESCRIPTION
       It is not an easy task to setup a jail (a changed root) in a functional
       way.  If	 you  want the user to be able to run cvs for example, it will
       not work	to simply copy the cvs binary into the users  jail.  You  will
       find that cvs needs libraries as	well. cvs also needs the /dev/null de-
       vice.  Finally  you  need something to start cvs: you need a shell too.
       And the shell might need	files like /etc/passwd and /etc/nsswitch.conf.

       With jk_init you	can automate these tasks. You can create a section  in
       the  configfile /etc/jailkit/jk_init.ini	that has all the files,	direc-
       tories and devices, and you can use jk_init to setup such a jail	with a
       single command. The default configfile has examples for cvs, sftp, scp,
       rsync and more for Debian and Ubuntu Linux. For other operating systems
       the defaults might need some (minor) updates.

EXAMPLE
       An example configfile section might look	like this:

       [jk_lsh]
       comment = Jailkit limited shell
       paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
       users = root
       groups =	root
       need_logsocket =	1
       includesections = uidbasics

       [sftp]
       comment = ssh secure ftp	with Jailkit limited shell
       paths = /usr/lib/sftp-server
       includesections = netbasics, uidbasics
       devices = /dev/urandom, /dev/null
       emptydirs = /svr

       The comment entry specifies the comment that is shown if	jk_init	option
       -l or --list is used. The paths entry specifies which files and	direc-
       tories  need  to	be copied into the jail. Executables and libraries are
       checked for any required	libraries, and these requirements  are	copied
       too.  All  files	are created with user root as owner. The paths_w_owner
       entry specifies which paths need	to be copied with their	current	owner-
       ship. This can be used to copy files that need  to  be  writable	 by  a
       server  process	that  does  not	run as user root (for example database
       files). The users and groups entries specify  which  users  and	groups
       that need to be present in <jail>/etc/passwd. If	the need_logsocket en-
       try  is	set  to	 "1"  the jk_socketd.ini file is modified to include a
       /dev/log	socket in this jail. The devices entry specifies which devices
       are required in the jail. The  includesections  entry  specifies	 which
       other sections need to be processed as well when	processing the current
       section.	 In the	above example, the jk_lsh section is automatically in-
       cluded if the sftp section is processed.	Finally	 the  emptydirs	 entry
       specifies which directories to create as	empty directories. This	can be
       useful to create	for example mountpoints	in the jail.

DEPRECATED CONFIGFILE ENTRIES
       The  entries executables	, regularfiles , directories and libraries are
       all replaced by the entry paths.	 They are  still  supported,  but  are
       handled similar to the paths entry.

LIMITATIONS
       Many  unix like operating systems install files in different locations.
       The default jk_init config file has  defaults  taken  from  Debian  and
       Ubuntu.	The  default  config file may not work on other	platforms. You
       probably	need to	customise jk_init.ini for your platform	and  your  ap-
       plications.

OPTIONS
       -f --force
	      Force overwriting	of existing files

       -v --verbose
	      Will give	verbose	output

       -k --hardlink
	      Try to create hardlinks instead of copying the files

       -c configfile --configfile=configfile
	      Use alternative configfile

       -l --list
	      List available sections in the config file

       -j --jail <jail>
	      Specify the jail directory to operate on.

       -h --help
	      The help screen

FILES
       /etc/jailkit/jk_init.ini

SEE ALSO
       jailkit(8)   jk_check(8)	  jk_chrootlaunch(8)  jk_chrootsh(8)  jk_cp(8)
       jk_jailuser(8) jk_list(8) jk_lsh(8) jk_procmailwrapper(8) jk_socketd(8)
       jk_uchroot(8) jk_update(8) chroot(2)  ldd(1)  mknod(1)  ln(1)  chmod(1)
       mkdir(1)

COPYRIGHT
       Copyright  (C)  2003,  2004, 2005, 2006,	2007, 2008, 2009, 2010 Olivier
       Sessink

       Copying and distribution	of this	file, with  or	without	 modification,
       are  permitted in any medium without royalty provided the copyright no-
       tice and	this notice are	preserved.

JAILKIT				  07-02-2010			    jk_init(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=jk_init&sektion=8&manpath=FreeBSD+Ports+15.0>

home | help