9 posts / 0 new
Topic locked
Last post
#1 Tue, 04/21/2009 - 15:41
jaldeguer

Jailkit

I read a post here about jailkit being considered to provide chrooting SSH. I have already successfully used it on my Virtualmin GPL server. I was also pleasantly surprised to find out how easy it was to chroot a user using jailkit. Is this already included in the pro version?

Tue, 04/21/2009 - 15:44
andreychek

No, it's not being included now, though they're exploring using a similar feature available in more recent SSH versions.

Some thoughts on that are included in this bug report:

http://www.virtualmin.com/index.php?option=com_flyspray&Itemid=82&am...

Tue, 04/21/2009 - 15:54 (Reply to #2)
Joe
Joe's picture

Actually, it is very unlikely chroot will ever be a standard feature in Virtualmin. No matter how easy it becomes, unless/until the serious security implications are corrected (which seems impossible, if I understand the issue correctly) we're not going to encourage people to do something dangerous just because it <i>looks</i> like better security.

The right solution, if there is one short of full virtualization (Xen) or near-virtualization (vservers, OpenVZ, Zones), will make use of SELinux rather than chroot. SELinux is and has always been intended as a security feature. chroot never has been. SELinux doesn't break privilege separation. chroot does.

--

Check out the forum guidelines!

Tue, 04/21/2009 - 16:03 (Reply to #3)
Joe
Joe's picture

Oh, and we do have a product for managing Xen and vservers and Zones coming out in a few days.

--

Check out the forum guidelines!

Tue, 04/21/2009 - 16:50
jaldeguer

Thanks for the clarification. Looking forward to the new product managing xen servers!!!

Wed, 08/09/2017 - 21:05
hescominsoon

supporting cloudlinux would address the issues jailkit intends to solve.

Fri, 08/11/2017 - 15:31 (Reply to #6)
Joe
Joe's picture

No, it wouldn't. Cloudlinux isn't needed for any of the things we're using jailkit for.

--

Check out the forum guidelines!

Sun, 07/22/2018 - 09:59
michelv

So I see the option "Base directory for Jailkit directories" under Virtualmin configuration. Does that mean jailkit is now supported by virtualmin? Do I need to install it seperately?

Tue, 07/31/2018 - 17:18 (Reply to #8)
Joe
Joe's picture

Jailkit is supported in Virtualmin, yes. And, you only need to install something if you installed long enough ago that it wasn't part of the default installation (if you installed using a 6.x version of the installer, you already have it, if you didn't you don't). There's probably some minor other config stuff to do, I don't remember how much we handle in Virtualmin and how much we handle in the installer in terms of setting it up and configuring it.

--

Check out the forum guidelines!

Topic locked