Virtualmin Team did a great job getting over years and many discussions a new feature, jailing VM users to their home directories. You will discover over a while it is more than jailing.
This feature is available starting with Virtualmin 6.0. Here are the steps to get it working:
1) Install jailkit package. In Debian use the following command: "apt-get install jailkit". It is important getting jailkit package from Virtualmin repository because it was changed by the VM Team to achieve the proper functionality.
2) If you want using a Webmin module for jailkit we got one too. In Debian use the following command: "apt-get install webmin-jailkit". Once it is installed you will find a new section in Webmin -> System -> Jailkit Jail Manager. if you get an error accessing this section you have to install libconfig-inifiles-perl package. My personal opinion if VM Team could add this dependency when installing the module it will be great.
3) Jailing VM users it is simple. Go to Virtualmin -> Administration Options -> Edit Owner Limits. In Other restrictions section the last option is "Chroot jail domain Unix user?". If you set it to Yes and click [Save] the owner and all the users will be jailed.
My feedback:
If you access your server by ssh using the owner account you will get a file system which is rooted in /home/owner_name.
The script is doing a mounting with bind option which means what you change in jailed folders will be instantly visible in default folders. When you set this option to No, /home/chroot/XXXXXXXX/owner_name folder will be emptied (it is just an umount). All your files are now in /home/owner_name with all changes, no lost.
Once a user is jailed /etc/fstab file will be modified according. In case you reboot the system you will get it mounted at boot.
VM Team promised they will update the documentation for this feature. Please test it and come with feedback.
Thank you all.
Thanks for writing this up! I want to get the "enable vm6 features and migrate to vm6 repos" tool finished first, and then provide docs and automation at the same time. But, getting feedback on the most complicated new feature in Virtualmin 6 is great, too!
--
Check out the forum guidelines!
i installed virtualmin on Centos7 server, how can install and enable Jailkit for virtualmin?
It's installed by default since Virtualmin 6. It's already in there, you just need to turn it on in Server Templates under Administrative User. The option is labeled "Chroot jail new domain Unix users?".
The Jailkit module is also installed by default, so you can edit the binaries included in the Jail.
--
Check out the forum guidelines!
what are the advantages beside ssh jail directory in using this module. I activate it but why wso shell still can traverse upper directory to the root folder.
Or it is something that i miss the configuration ?