Provided by: jailkit_2.23-2_amd64 
NAME
jk_lsh - a shell that limits the binaries it will execute
SYNOPSIS
jk_lsh -c command
DESCRIPTION
The jailkit limited shell jk_lsh is not an interactive shell. jk_lsh will only execute commands that are
passed during startup (e.g. /bin/sh -c command) and will deny to start all but explicitly allowed
commands. All other commands, or regular shell access are denied. This can be used to restrict an account
to a specific use. For example, jk_lsh can be used to make rsync-, cvs-, sftp- or scp-only accounts, or
even an account that can start firefox or opera but nothing else.
The allowed actions are read from /etc/jailkit/jk_lsh.ini If you run jk_lsh inside a changed root jail,
make sure jk_lsh.ini is present inside that chroot jail.
LIMITATIONS
Some shells can process complex commandlines, such as command1 && command2, or kill `ps |grep foo`. The
limited shell jk_lsh cannot do anything like that, another shell should be used if you want enable such
features. It is not planned to include this in any future version.
OPTIONS
jk_lsh can do word expansion such as *.txt expanding to each file that ends with .txt. This is very
useful when running rsync or scp with jk_lsh. Option allow_word_expansion should be set to 1 in order to
allow this.
jk_lsh can also set environment variables. This is a comma separated list with key=value pairs.
Options can be set for a specific user, for the primary group of a user, or for all users in section
DEFAULT.
EXAMPLE
An example config file for user test or group test is shown below
[DEFAULT]
executables = /usr/bin/scp, /usr/lib/sftp-server, /usr/bin/rsync
paths = /usr/bin/, /usr/lib
allow_word_expansion = 1
[test]
executables = /usr/bin/scp, /usr/lib/sftp-server
paths = /usr/bin/, /usr/lib
allow_word_expansion = 0
umask = 002
[group test]
executables = /usr/bin/rsync
paths = /usr/bin/
allow_word_expansion = 1
environment=TERM=linux,FOO=bar
If user test has primary group test, however, he can not execute rsync in the above example. First the
user section is checked, and only if no user section is found the primary group section is looked for,
and only if no group section is found, the DEFAULT section is looked for. If no section is found, jk_lsh
aborts.
The executables entry specifies all executables that jk_lsh will execute. The paths entry specifies in
which directories jk_lsh will look for these executables if no path is specified. The PATH environment
variable is ignored by jk_lsh. The allow_word_expansion if set to 1, will make jk_lsh do word expansion
(*, ?, ~, $) using wordexp(3) which is very useful for remote commands like rsync server:./* . or scp
server:somedir/* /tmp/ umask if you want a specific umask
The common way to use jk_lsh is to use it as default shell for those restricted accounts. It is
recommended to run these accounts inside a changed root using jk_chrootsh(8)
FILES
/etc/jailkit/jk_lsh.ini /etc/passwd JAIL/etc/jailkit/jk_lsh.ini JAIL/etc/passwd
DIAGNOSTICS
jk_lsh logs errors to syslog, so check your log files. If you run jk_lsh inside a changed root, you have
to have a /dev/log in that changed root. See jk_socketd(8) for more information how to do this.
SEE ALSO
jailkit(8) jk_check(8) jk_chrootlaunch(8) jk_chrootsh(8) jk_cp(8) jk_init(8) jk_jailuser(8) jk_lsh(8)
jk_procmailwrapper(8) jk_socketd(8) jk_uchroot(8) jk_update(8) chroot(2)
COPYRIGHT
Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Olivier Sessink
Copying and distribution of this file, with or without modification, are permitted in any medium without
royalty provided the copyright notice and this notice are preserved.
JAILKIT 07-02-2010 jk_lsh(8)