I'm going through and setting up some additional user space that I need to isolate from the rest of the filesystem on my systems. At present, I'm at a loss as to what is my best option. I already have scponly, but I need to permit ssh logins, so a chroot jail is my only real option.
On the primary system, an XServer running 10.5.8, I have tried to set up jailkit, but the MacPorts version of python26 fails to compile, no matter what I try to do, making this a base problem.
One of the things I noted from various documentation, is that if I set ownership on volumes to root, that this will make using AFP volumes impossible, and I do need to maintain AFP access on all the volumes, as they are mounted remotely for media (and other file) access.
Can anyone confirm, or deny, if establishing a chroot jail will make it impossible to mount AFP volumes elsewhere on the network?
I would be interested in reading the experiences of anyone else on this subject. One way out, which seems a bit absurd, is for me to install FreeBSD in a VM, and run jails from there, but I would think I could manage to establish a jailed environment without using a secondary server in a VM.
As to the jailkit package: Jailkit depends on python26, and until I get some kind of positive response to my MacPorts ticket for python26, I am at a standstill. No variant of jailkit is in the ports DB, of any sort, much less one that can use my existing python frameworks.
Edit: I performed a manual make for jailkit (v2.4, to be safe for Leopard). It seems to be working, but all of the user docs assume usage on Linux, and many components differ. I ran jk_adduser, just to see what would happen, and it errored out with:
groupadd: command not found
useradd: command not found
If anyone has used jailkit on OSX, I would absolutely appreciate a walk-through on setup of the environment. I have searched for more information, and Oliver's website only has one thread on the subject, which was of no help. Any instructions for setting it up, modifying whatever I am required to modify, and establishing the config files (and hopefully tying it to specific groups, etc.) would be absolutely super.