Support for Jailed Shell in GPL

#1 Mon, 08/15/2011 - 15:51
jfreak53

Does the GPL version support jailed shells or only the purchased version? Also, does Webmin or Usermin support that with a module?

Mon, 08/15/2011 - 16:07
andreychek

Howdy,

Well, either version supports a jailed shell, but only if you provide said shell :-)

It can't create a jail for you... but if you were to install and configure a shell such as lshell:

http://lshell.ghantoos.org/

You can configure Virtualmin to use that by going into System Customization -> Custom Shells.

Also, if you're using FTP -- you can set it to jail users in their home directories by going into Limits and Validation -> FTP Directory Restrictions, and setting up a rule to restrict users in their homedirs.

-Eric

Tue, 08/16/2011 - 09:09
jfreak53

Great, thanks! I tried lshell and love it. I had tried to set up rssh and scponly but neither one of them let me specify my own commands. lshell is pretty good it seems.

Sat, 12/24/2011 - 05:59
yngens

Andreychek, I am also very much thankful to you for pointing me in the right direction. I've tried this shell and liked it a lot. I believe Virtualmin should be shipped with this shell as the default one.

Sat, 12/24/2011 - 14:49
andreychek

Howdy,

Well, while you're welcome to use any shell -- the reason Virtualmin isn't likely to use that shell by default is that it doesn't actually provide any real security. It only provides the appearance of security :-)

The issue is that, so long as a file or directory is world readable -- there are other ways for users to read those files.

They could simply upload a PHP-based file browser into their website, and browse world readable files that way.

The only way to actually prevent users from gaining access to files across the filesystem that are world readable is to separate the domains within their own VPS, and not use shared hosting.

-Eric
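
An added example, not part of the original thread: a shell audit for the point made in the post above, listing the files that any other account on the server can read no matter which login shell is configured. The function names, the sample tree and its file names are constructed for illustration, and it assumes a `find` that accepts octal `-perm` tests.

```shell
#!/bin/sh
# Added example (not from the thread): report files the "other" permission
# class can actually reach under a hosting root such as /home.

# audit_world_readable ROOT
# Prints every regular file under ROOT that has the o+r bit set AND whose
# parent directories below ROOT all have o+x (so others can traverse them).
audit_world_readable() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -prune stops descent into directories others cannot enter, so a
    # 644 file inside a 750 home directory is correctly left out.
    find "$root" \
        \( -type d ! -perm -001 -prune \) -o \
        \( -type f -perm -004 -print \) | sort
}

# make_sample_tree DIR
# Builds a constructed two-account layout for the demo (not real data).
make_sample_tree() {
    t=$1
    chmod 755 "$t"
    mkdir -p "$t/alice/public_html" "$t/bob/public_html"
    echo 'db_pass=example' > "$t/alice/public_html/config.php"
    echo 'hello'           > "$t/alice/public_html/index.html"
    echo 'db_pass=example' > "$t/bob/public_html/config.php"
    chmod 755 "$t/alice" "$t/alice/public_html"
    chmod 644 "$t/alice/public_html/config.php"  # exposed to other accounts
    chmod 640 "$t/alice/public_html/index.html"  # no o+r, not reported
    chmod 750 "$t/bob"                           # others cannot traverse
    chmod 755 "$t/bob/public_html"
    chmod 644 "$t/bob/public_html/config.php"    # 644 but shielded by parent
}

# Demo run on the constructed tree.
demo=$(mktemp -d) && make_sample_tree "$demo" && audit_world_readable "$demo"
rm -rf "$demo"
```

On a real server the function would be pointed at the directory holding the domain home directories; files it reports are the ones a restricted shell does nothing to protect.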

Sat, 12/24/2011 - 14:55
yngens

Well then, can Virtualmin separate the domains within their own accounts? I am on GPL, but would consider switching if the commercial version supports isolation.

Sat, 12/24/2011 - 16:30
andreychek

Howdy,

Virtualmin is for shared hosting. However, you can use Cloudmin for setting up and managing VPS's.

And each of those VPS's can run Virtualmin GPL or Pro.

Just like Virtualmin, there is a GPL and Pro version of Cloudmin. You can read about all that here:

https://www.virtualmin.com/documentation/cloudmin

Sat, 12/24/2011 - 16:39
yngens

Oh, I see. I believe I will try that setup on my next server. Now I am reluctant to touch my nearly perfectly working Virtualmin setup.

Thanks!

Sat, 11/03/2012 - 18:51
Patrick70

I realize this is an old post, but I do seem to have a problem with this lshell. While it does indeed work great, when it's enabled (via custom shells), I am no longer able to log into normal FTP (port 21). It will always give me a 503 error, as if the username/password is incorrect.

Mon, 11/05/2012 - 07:37
andreychek

Howdy,

It sounds like you may need to add that shell to /etc/shells... a user can only log into FTP if their shell exists in that config file.

-Eric