ettore.dreucci/ettore.dreucci.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New post: Adding GIT to ISPConfig jailkits

Browse Source 
Signed-off-by: Ettore <noettore@gmail.com>
This commit is contained in:
Ettore Dreucci
2019-06-05 02:24:43 +02:00
parent bf337726be
commit 1df6f903ba
1 changed files with 47 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
content/blog/ispconfig-jailkit-git.md Normal file
View File

@@ -0,0 +1,47 @@
---
title: "Adding GIT to ISPConfig jailkits"
tags: ["ispconfig", "git", "jailkit"]
categories: ["recipe"]
description: "How to add the GIT ecosystem to one/all jailkit(s) in ISPConfig"
date: 2019-06-03T00:37:33+02:00
author: "Ettore Dreucci"
draft: false
---
## [[recipe]({{< ref "/categories/recipe" >}})]: How to add the GIT ecosystem to one/all jailkit(s) in ISPConfig
[ISPConfig](https://www.ispconfig.org/) comes with [jailkit](https://olivier.sessink.nl/jailkit/) enabled so that the “clients” that login via ssh are limited to a chroot shell with only some specific command. **Every client website has its own jailkit.**
### Enabling a command in an existing jailkit
If some of your ISPConfig clients need to use the GIT ecosystem you may need to enabled it in the jailkits.
By default the websites jailkits resides in `/var/www/clients/clientX/webY` so with the `jk_cp` command you can enable a specific command only in one website jailkit as follow:
```
jk_cp -j /var/www/clients/clientX/webY/ /usr/bin/git*
jk_cp -j /var/www/clients/clientX/webY/ /bin/uname
jk_cp -j /var/www/clients/clientX/webY/ /usr/share/git-core
```
### Enabling a command in all jailkits
First we need to add an entry for the command in the jailkit init file `/etc/jailkit/jk_init.ini`:
```
[git]
comment = Fast Version Control System
executables = /usr/bin/git*, /bin/uname
directories = /usr/share/git-core
includesections = editors
```
Then in the ISPConfig section `System -> Server Config -> Jailkit` we need to add the block name we used in the `jk_init.ini` file.
Now every new jailkit will automatically have GIT enabled.
#### But I want it enabled in old ones too!
Then you can use [this](https://git.ispconfig.org/ispconfig/ispconfig3/uploads/aeefb48b10150a76cd38000f6fab1a26/jk_updater_ispc) script to update all your jailkits. Copy it in your system path (`/usr/local/sbin/`), make it executable (`chmod +x /usr/local/sbin/jk_updater_isp`) and run it!
You can even add a cronjob to keep all your jails updated!