ettore.dreucci/ettore.dreucci.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1df6f903ba4a2438385c6e0e6489eb020ce24b83
ettore.dreucci.it/content/blog/ispconfig-jailkit-git.md
Ettore 1df6f903ba New post: Adding GIT to ISPConfig jailkits 
Signed-off-by: Ettore <noettore@gmail.com>
2019-06-05 02:24:43 +02:00

47 lines
2.0 KiB
Markdown
Raw Blame History

---
title: "Adding GIT to ISPConfig jailkits"
tags: ["ispconfig", "git", "jailkit"]
categories: ["recipe"]
description: "How to add the GIT ecosystem to one/all jailkit(s) in ISPConfig"
date: 2019-06-03T00:37:33+02:00
author: "Ettore Dreucci"
draft: false
---
## [[recipe]({{< ref "/categories/recipe" >}})]: How to add the GIT ecosystem to one/all jailkit(s) in ISPConfig
[ISPConfig](https://www.ispconfig.org/) comes with [jailkit](https://olivier.sessink.nl/jailkit/) enabled so that the “clients” that login via ssh are limited to a chroot shell with only some specific command. **Every client website has its own jailkit.**
### Enabling a command in an existing jailkit
If some of your ISPConfig clients need to use the GIT ecosystem you may need to enabled it in the jailkits.
By default the websites jailkits resides in `/var/www/clients/clientX/webY` so with the `jk_cp` command you can enable a specific command only in one website jailkit as follow:
```
jk_cp -j /var/www/clients/clientX/webY/ /usr/bin/git*
jk_cp -j /var/www/clients/clientX/webY/ /bin/uname
jk_cp -j /var/www/clients/clientX/webY/ /usr/share/git-core
```
### Enabling a command in all jailkits
First we need to add an entry for the command in the jailkit init file `/etc/jailkit/jk_init.ini`:
```
[git]
comment = Fast Version Control System
executables = /usr/bin/git*, /bin/uname
directories = /usr/share/git-core
includesections = editors
```
Then in the ISPConfig section `System -> Server Config -> Jailkit` we need to add the block name we used in the `jk_init.ini` file.
Now every new jailkit will automatically have GIT enabled.
#### But I want it enabled in old ones too!
Then you can use [this](https://git.ispconfig.org/ispconfig/ispconfig3/uploads/aeefb48b10150a76cd38000f6fab1a26/jk_updater_ispc) script to update all your jailkits. Copy it in your system path (`/usr/local/sbin/`), make it executable (`chmod +x /usr/local/sbin/jk_updater_isp`) and run it!
You can even add a cronjob to keep all your jails updated!
Reference in New Issue View Git Blame Copy Permalink