From 1df6f903ba4a2438385c6e0e6489eb020ce24b83 Mon Sep 17 00:00:00 2001 From: Ettore Date: Wed, 5 Jun 2019 02:24:43 +0200 Subject: [PATCH] New post: Adding GIT to ISPConfig jailkits Signed-off-by: Ettore --- content/blog/ispconfig-jailkit-git.md | 47 +++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 content/blog/ispconfig-jailkit-git.md diff --git a/content/blog/ispconfig-jailkit-git.md b/content/blog/ispconfig-jailkit-git.md new file mode 100644 index 0000000..37b3ead --- /dev/null +++ b/content/blog/ispconfig-jailkit-git.md @@ -0,0 +1,47 @@ +--- +title: "Adding GIT to ISPConfig jailkits" +tags: ["ispconfig", "git", "jailkit"] +categories: ["recipe"] +description: "How to add the GIT ecosystem to one/all jailkit(s) in ISPConfig" +date: 2019-06-03T00:37:33+02:00 +author: "Ettore Dreucci" +draft: false +--- + +## [[recipe]({{< ref "/categories/recipe" >}})]: How to add the GIT ecosystem to one/all jailkit(s) in ISPConfig + +[ISPConfig](https://www.ispconfig.org/) comes with [jailkit](https://olivier.sessink.nl/jailkit/) enabled so that the “clients” that login via ssh are limited to a chroot shell with only some specific command. **Every client website has its own jailkit.** + +### Enabling a command in an existing jailkit + +If some of your ISPConfig clients need to use the GIT ecosystem you may need to enabled it in the jailkits. + +By default the websites jailkits resides in `/var/www/clients/clientX/webY` so with the `jk_cp` command you can enable a specific command only in one website jailkit as follow: + +``` +jk_cp -j /var/www/clients/clientX/webY/ /usr/bin/git* +jk_cp -j /var/www/clients/clientX/webY/ /bin/uname +jk_cp -j /var/www/clients/clientX/webY/ /usr/share/git-core +``` + +### Enabling a command in all jailkits + +First we need to add an entry for the command in the jailkit init file `/etc/jailkit/jk_init.ini`: + +``` +[git] +comment = Fast Version Control System +executables = /usr/bin/git*, /bin/uname +directories = /usr/share/git-core +includesections = editors +``` + +Then in the ISPConfig section `System -> Server Config -> Jailkit` we need to add the block name we used in the `jk_init.ini` file. + +Now every new jailkit will automatically have GIT enabled. + +#### But I want it enabled in old ones too! + +Then you can use [this](https://git.ispconfig.org/ispconfig/ispconfig3/uploads/aeefb48b10150a76cd38000f6fab1a26/jk_updater_ispc) script to update all your jailkits. Copy it in your system path (`/usr/local/sbin/`), make it executable (`chmod +x /usr/local/sbin/jk_updater_isp`) and run it! + +You can even add a cronjob to keep all your jails updated! \ No newline at end of file