- Download both files into the same directory.
- Make sure that 'l2chroot.txt' exists in the same location.
- Run the script with sudo; it creates a user, appends to /etc/ssh/sshd_config and restarts the SSH service:
sudo ./jailuser customuser
This works on Ubuntu and Debian.
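#!/bin/bash
# jailuser: create an SFTP-only account confined to a shared chroot jail.
# Usage: sudo ./jailuser newusername

# Jail root; the same path is given to sshd as ChrootDirectory further down.
D=/home/www-sftp
# Requested account name (first positional argument, may be empty).
U=$1

# Creating device nodes, adding users and editing sshd_config all need root.
if [ "$EUID" -ne 0 ]; then
  echo "Requires root permission .." >&2
  echo "Usage: 'sudo $0 newusername'" >&2
  exit 1
fi

if [[ -z "$U" ]]; then
  echo "username can't be empty .." >&2
  echo "Usage: 'sudo $0 newusername'" >&2
  exit 1
fi

# The name is written verbatim into /etc/ssh/sshd_config ("Match User ...")
# and into file paths. sshd treats '*', '?', '!' and ',' in a Match argument
# as pattern syntax, and whitespace or newlines would add extra directives,
# so accept only a conservative account-name form (lower-case letters,
# digits, '_' and '-', at most 32 characters) before anything is changed.
if [[ ! "$U" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
  echo "invalid username '$U' .." >&2
  echo "Usage: 'sudo $0 newusername'" >&2
  exit 1
fi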
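# One-time construction of the jail skeleton. The whole section is skipped
# whenever $D already exists, so a run that fails part-way is not repaired by
# simply running the script again.
if [ ! -d "$D" ]; then
  # Fail before creating $D when the library-copy helper is unavailable;
  # otherwise an empty jail root would be left behind and never populated.
  if [ ! -f l2chroot.txt ] && [ ! -x /root/l2chroot ]; then
    echo "l2chroot.txt not found in '$PWD' .." >&2
    exit 1
  fi

  echo "Creating Jail Root ..";
  mkdir -vp "$D" || exit 1

  ### 1] Create `/dev` directories
  # Listing of the host's device nodes (informational output only).
  ls -l /dev/{null,zero,stdin,stdout,stderr,random,tty}
  mkdir -vp "$D/dev/"
  # Character devices, one per line: name, major, minor.
  while read -r node major minor; do
    mknod -m 666 "$D/dev/$node" c "$major" "$minor"
  done <<'EOF'
null 1 3
tty 5 0
zero 1 5
random 1 8
EOF

  # sshd only accepts a ChrootDirectory whose path components are owned by
  # root and not writable by group or others, so these two must succeed.
  chown root:root "$D" || exit 1
  chmod 0755 "$D" || exit 1
  ls -ld "$D"

  ### 2] Copy required bin commands to $D
  # NOTE(review): the sshd_config block this script writes forces
  # internal-sftp, which OpenSSH serves in-process without support files in
  # the chroot. The binaries, libraries and device nodes staged here matter
  # only if a shell inside the jail is enabled later; confirm they are wanted.

  # 2.1 download script
  # wget http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
  # The helper is executed as root below. Installing a fresh root-owned copy
  # (instead of renaming the downloaded file) keeps the file's previous owner
  # from retaining write access to it; review its contents before running.
  if [ -f l2chroot.txt ]; then
    install -o root -g root -m 0755 l2chroot.txt /root/l2chroot || exit 1
    rm -f -- l2chroot.txt
  fi
  # vi /root/l2chroot
  # BASE="/home/www-sftp"

  # 2.2 make dirs
  cd "$D" || exit 1
  mkdir -vp "$D/bin"
  mkdir -vp "$D/lib/"
  mkdir -vp "$D/lib64/"
  mkdir -vp "$D/lib/x86_64-linux-gnu/"

  # 2.3 copy commands and ldd's
  for tool in /bin/bash /bin/ls /bin/date; do
    cp -v "$tool" "$D/bin/"
  done
  for tool in /bin/bash /bin/ls /bin/date; do
    /root/l2chroot "$tool" \
      || echo "warning: copying libraries for $tool failed" >&2
  done
  # ldd /bin/bash

  # 2.4 copy other .so's
  # The glob is left unquoted on purpose so it expands to the NSS "files"
  # libraries.
  cp -va /lib/x86_64-linux-gnu/libnss_files* "$D/lib/x86_64-linux-gnu/"

  # others (for cp users later)
  mkdir -p "$D/etc/"
fi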
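### 3] users and groups

# 3.1 create user
# Stop if the account cannot be created (for example, the name already
# exists), so that sshd_config is never edited for a user this run did not add.
if ! useradd -g www-data "$U"; then
  echo "useradd failed for '$U' .." >&2
  exit 1
fi

# 3.2 copy user list
# NOTE(review): this places the host's complete account and group lists
# inside the jail, where jailed users can read them. A reduced passwd/group
# holding only the needed entries would disclose less; confirm what is needed.
mkdir -p "$D/etc"
cp -vf /etc/{passwd,group} "$D/etc/"
# On every update
# D=/home/www-sftp
# cp -vf /etc/{passwd,group} $D/etc/

# 3.3 configure ssh
#vi /etc/ssh/sshd_config
sshd_cfg=/etc/ssh/sshd_config
# Keep a copy so a rejected edit can be rolled back instead of leaving the
# host with an sshd_config that the daemon refuses to load.
sshd_bak=$(mktemp) || exit 1
cp -p "$sshd_cfg" "$sshd_bak" || exit 1

# A Match block runs to the next Match line or end of file, so it is appended
# last; any directive added below it later applies to this user only.
# ForceCommand alone does not stop port forwarding, so that is disabled too.
{
  echo "Match User $U"
  echo " ChrootDirectory $D"
  echo " ForceCommand internal-sftp"
  echo " AllowTcpForwarding no"
  echo " X11Forwarding no"
} >> "$sshd_cfg"

# Validate before restarting: a syntax error would otherwise take sshd down.
if ! sshd -t; then
  echo "sshd_config failed validation; restoring the previous file .." >&2
  cp -p "$sshd_bak" "$sshd_cfg"
  rm -f -- "$sshd_bak"
  exit 1
fi
rm -f -- "$sshd_bak"

# One restart is enough; fall back to the SysV wrapper only when systemctl
# is unavailable or fails.
if ! systemctl restart ssh.service && ! service ssh restart; then
  echo "could not restart ssh; user '$U' is not jailed yet .." >&2
  exit 1
fi

# The password is set last, once the jail configuration is active, so the
# account never has usable credentials while it is still unconfined.
echo "New password for user '$U'";
passwd "$U"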
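### 4] Map Home Directory
# Creates the user's directory inside the jail. The intermediate $D/home is
# created by root here; only the final component is handed to the user.
# presumably sshd changes into this path after the chroot because useradd's
# default home is /home/<user> -- confirm against /etc/default/useradd.
mkdir -vp "$D/home/$U"
chown -R "$U:www-data" "$D/home/$U/"
# Owner-only access: other jailed accounts share the same chroot.
chmod -R 0700 "$D/home/$U/"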
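### 5] Mount 'web' Directory
# Prints the follow-up commands for the operator; nothing is executed here.
# Caveat for whoever runs them: a bind mount is the same directory as the
# source, so the printed chown also changes ownership of /var/www/folder-name
# on the host, and the jailed user gets whatever access that ownership allows.
cat <<EOF
Execute the below to 'Mount the web Directory'

mkdir -v $D/home/$U/folder-name
mount --bind /var/www/folder-name $D/home/$U/folder-name
chown $U:www-data $D/home/$U/folder-name/
echo "/var/www/folder-name $D/home/$U/folder-name none bind" >> /etc/fstab
EOF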
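#!/bin/bash
# Use this script to copy shared (libs) files to Apache/Lighttpd chrooted
# jail server.
# ----------------------------------------------------------------------------
# Written by nixCraft <http://www.cyberciti.biz/tips/>
# (c) 2006 nixCraft under GNU GPL v2.0+
# + Added ld-linux support
# + Added error checking support
# ------------------------------------------------------------------------------
# See url for usage:
# http://www.cyberciti.biz/tips/howto-setup-lighttpd-php-mysql-chrooted-jail.html
# -------------------------------------------------------------------------------
# Set CHROOT directory name
# BASE="/webroot"
BASE="/home/www-sftp"

# Exactly one executable path is expected as the first argument.
if [ $# -eq 0 ]; then
  echo "Syntax : $0 /path/to/executable"
  echo "Example: $0 /usr/bin/php5-cgi"
  exit 1
fi

# Reject a missing path up front instead of letting ldd fail later.
if [ ! -f "$1" ]; then
  echo "$1: no such file" >&2
  exit 1
fi

# Create the jail root on first use; without it nothing can be copied.
[ -d "$BASE" ] || mkdir -p "$BASE" || exit 1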
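# Copy every shared library that ldd resolves to an absolute path, keeping
# the same directory layout under $BASE. Lines without a resolved path in the
# third column (the vdso, the ld-linux loader line, "not found" entries) are
# skipped here; the loader is handled separately.
# NOTE: ldd(1) warns that it may execute code from the file it inspects, and
# this script is normally run as root, so pass it trusted system binaries only.
echo "Copying shared files/libs to $BASE..."
while IFS= read -r lib; do
  libdir="$(dirname -- "$lib")"
  [ -d "$BASE$libdir" ] || mkdir -p "$BASE$libdir"
  /bin/cp -- "$lib" "$BASE$libdir"
done < <(ldd "$1" | awk '$3 ~ /^\// { print $3 }')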
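# copy /lib/ld-linux* or /lib64/ld-linux* to $BASE/$sldlsubdir
# get ld-linux full file location (first matching ldd line only)
sldl="$(ldd "$1" | awk '/ld-linux/ { print $1; exit }')"

# Proceed only when ldd reported the loader as an absolute path; an empty or
# relative value (static binary, differently named loader) has nothing to copy.
if [[ "$sldl" == /* ]]; then
  # now get sub-dir
  sldlsubdir="$(dirname -- "$sldl")"
  if [ ! -f "$BASE$sldl" ]; then
    echo "Copying $sldl $BASE$sldlsubdir..."
    # The target directory may not exist yet inside the jail.
    mkdir -p "$BASE$sldlsubdir"
    /bin/cp -- "$sldl" "$BASE$sldlsubdir"
  fi
fi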