InTheWoods
Verified User
So, I've enabled Jailed Shell / Bubblewrap via the CustomBuild option in DA as well as ran ./build bubblewrap, as it was unclear from the CustomBuild UI, based on the output, if I needed to run that manually or not, though I received the 'Success' message in both instances anyhow.
It was my understanding that jailed shell meant that a user would be unable to break out of their home directory to view the contents, file or directory structure of the remaining server, regardless of if they have the ability to modify such files.
For example, logged in as a demo user on my server who has shell access to his shared account, I can do the following as a quick example:
Code:
demo@lux01-shared:~$ ls
domains imap Maildir public_html tmp
demo@lux01-shared:~$ cd /
demo@lux01-shared:/$ ls
aquota.group bin dev home initrd.img.old lib32 libx32 media opt root sbin sys usr vmlinuz
aquota.user boot etc initrd.img lib lib64 lost+found mnt proc run srv tmp var vmlinuz.old
demo@lux01-shared:/$ cd boot
demo@lux01-shared:/boot$ ls
config-4.19.0-13-amd64 grub initrd.img-4.19.0-5-amd64 System.map-4.19.0-5-amd64 vmlinuz-4.19.0-5-amd64
config-4.19.0-5-amd64 initrd.img-4.19.0-13-amd64 System.map-4.19.0-13-amd64 vmlinuz-4.19.0-13-amd64
demo@lux01-shared:/boot$ cd grub
demo@lux01-shared:/boot/grub$ ls
fonts grub.cfg grubenv i386-pc locale unicode.pf2
demo@lux01-shared:/boot/grub$ cat grub.cfg
#
# DO NOT EDIT THIS FILE
#
(ETC ETC ETC)
Granted, I can't actually modify that file. But I can view its contents as a shared hosting customer, and that's concerning. Some folders I locked down more than others, where I can't use things like 'ls' to view files/directories within them; others, as shown... not so much.
The goal is to be able to offer shell access that will not allow a user to view the directory structure of the server and also restrict certain commands from being issued, namely anything that may violate the privacy of any other user on the system or reveal system/server stats to the user that isn't relevant to the service in question.
For example, right now I can run: "ip a" and see every IP address assigned to this server. Since customers will have dedicated IPv6 addresses assigned to their accounts for the purpose of creating HTTP tunnels for the I2P network, this will reveal to someone all other potential users. I can also view the content of files that will show a user how the server is configured, which is a concern.
So my questions are:
1.) Is there a guide somewhere that shows how best to lock this down so that the user cannot break out of their home directory to view anything at all?
2.) Is there the option to restrict certain commands that would reveal server stats or reveal other users? Everything from 'htop' to... whatever else. There's a ton of commands that aren't needed in a shared environment.
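A small audit script, added here and not part of DirectAdmin, bubblewrap or the original post, that a jailed user can run to check the three leaks described above (readable host files such as /boot/grub/grub.cfg, other customers' home directories, and the addresses that ip shows). The list of sensitive files and the option to point it at a constructed directory tree instead of / are assumptions.

```shell
#!/bin/sh
# Jail visibility audit (added example, not DirectAdmin's own tooling). Run it
# from the jailed user's shell; ROOT is / on a live server, or any constructed
# directory tree so the checks can be exercised offline.
# Files a customer should not be able to read: grub.cfg is the one observed in
# the post, /etc/passwd is an added common example (assumed list).
SENSITIVE_FILES="boot/grub/grub.cfg etc/passwd"
# count_readable ROOT: prints how many of SENSITIVE_FILES are readable under ROOT.
count_readable() {
    root=${1:-/}; n=0
    for p in $SENSITIVE_FILES; do
        if [ -r "$root/$p" ]; then
            echo "EXPOSED: $root/$p is readable" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# count_other_homes ROOT SELF: prints how many home directories other than
# SELF's can be listed (each one leaks another customer's existence).
count_other_homes() {
    root=${1:-/}; self=$2; n=0
    for d in "$root"/home/*/; do
        [ -d "$d" ] || continue
        case $d in */"$self"/) continue ;; esac
        if ls "$d" >/dev/null 2>&1; then
            echo "EXPOSED: can list $d" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# interface_addr_count: non-loopback addresses `ip` shows (the "ip a" leak
# from the post); prints 0 when ip is not available inside the jail.
interface_addr_count() {
    command -v ip >/dev/null 2>&1 || { echo 0; return; }
    ip -o addr 2>/dev/null | awk '$2 != "lo" { n++ } END { print n + 0 }'
}
# jail_audit ROOT SELF: prints a summary and succeeds only when no sensitive
# file or foreign home is exposed (addresses are reported, not judged, since
# the customer's own dedicated address may legitimately be visible).
jail_audit() {
    root=${1:-/}; self=${2:-$(id -un)}
    files=$(count_readable "$root"); homes=$(count_other_homes "$root" "$self")
    echo "sensitive files readable: $files, foreign homes listable: $homes, addresses visible: $(interface_addr_count)"
    [ "$files" -eq 0 ] && [ "$homes" -eq 0 ]
}
```

On the live server, source the file from the jailed user's shell and run `jail_audit / "$(id -un)"`; a non-zero exit means the jail still exposes host files or other customers' home directories.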