H-Sphere Sysadmin Guide

H-Sphere Jail

(H-Sphere 3.1 and up)

  
 

H-Sphere jail shell provides chrooted shell enviroment with a set of widely used utils and file managers. It is implemented via hsphere-jail-X.X-X package where X.X-X is the latest available package version.

If the corresponding resource is enabled for the account, user's SSH access is realised in the chrooted enviroment limited by the user home directory.

During jail execution by the SSHD daemon the formed jail skeletons are bound to the corresponding mount points in the user's home. For this purpose jaild daemon is used, which communicates with jail client via a UNIX socket. If none ssh connections are established by unix user, the mount points become unmounted by the related cron task during next 2 minutes.

 

Utilities

hsphere-jail package includes a set of the following widely used utilities: cat, echo, ln, mkdir, ps, rm, sh, cp, date, kill, ls, mv, pwd, rmdir, sleep, md5/md5sum, ping, awk, diff, find, id, sed, tar, whereis, basename, dirname, grep, ldd, sort, touch, which, cut, du, head, more, tail, vi, whoami, clear.

These utilities with the corresponding list of required libraries and share configuration directories/dbs are formed in the predefined location during package install and may be recreated in the case of system update via native package managers.

 

File Managers

The following widely used file managers are available:

  • mc - GNU Midnight Commander
  • ytree - Ytree a UNIX Filemanager
  • vifm - ViFM a UNIX Filemanager

 

Scripts

List of the included scripts follows:

  • /hsphere/local/config/jail/scripts/check_jail checks whether utilities and their libraries, which are included in the jail enviroment, were changed (for example after system update). If so, the /hsphere/local/config/jail/scripts/config_jail is executed.
  • /hsphere/local/config/jail/scripts/config_jail is used for forming jail enviroment and executed in the post-install package section or via the /hsphere/local/config/jail/scripts/check_jail script.
  • /hsphere/local/config/jail/scripts/jailmount is a realization of jaild daemon which accepts connection from the jail client when establishing ssh connection. It requires daemon tools and unixserver installed on the boxes.
  • /hsphere/local/config/jail/scripts/jailumount is a cron task responsible for unmounting unused mountpoints initiated during previous SSH connections by users with valid jail shell.

 


© Copyright 1998-2008. Positive Software Corporation.
All rights reserved.