Commit 9730d315 authored by betz

jailed ci user headings

parent 1ef52e34
Pipeline #36794550 passed with stages
in 1 minute and 15 seconds
...@@ -2,45 +2,54 @@ ...@@ -2,45 +2,54 @@
title: "Jailed CI user" title: "Jailed CI user"
linktitle: "Jailed CI user" linktitle: "Jailed CI user"
state: running state: running
maintainer: 'Askarel'
--- ---
Our setup for a jailed CI user. # Our setup for a jailed CI user.
- Create a regular user ## Create a regular user
~~~~ ~~~~
# adduser --home /home/ci-jail/ci-jail --shell /bin/sh ci-jail # adduser --home /home/ci-jail/ci-jail --shell /bin/sh ci-jail
~~~~ ~~~~
- Install static busybox
## Install static busybox
~~~~ ~~~~
# apt-get install busybox-static # apt-get install busybox-static
~~~~ ~~~~
- Create directories
## Create directories
~~~~ ~~~~
# mkdir -p /home/ci-jail/dev /home/ci-jail/bin /home/ci-jail/www /home/ci-jail/ci-jail/.ssh # mkdir -p /home/ci-jail/dev /home/ci-jail/bin /home/ci-jail/www /home/ci-jail/ci-jail/.ssh
~~~~ ~~~~
- Copy busybox to it's destination
## Copy busybox to it's destination
~~~~ ~~~~
# cp /bin/busybox /home/ci-jail/bin # cp /bin/busybox /home/ci-jail/bin
~~~~ ~~~~
- Use busybox to install the symlinks in the jail
## Use busybox to install the symlinks in the jail
~~~~ ~~~~
# chroot /home/ci-jail /bin/busybox --install -s /bin # chroot /home/ci-jail /bin/busybox --install -s /bin
~~~~ ~~~~
- Add your ssh key to the jail
## Add your ssh key to the jail
~~~~ ~~~~
# echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC98TAUD9PPuzRj5uyHWlxZiXGLm1JI7T2hPNwmW9pU5V/guoJ90VTNQ7lugEoX8HYxB7JC0/RA5ogJBkhcQHIAMIGT6yM7F2zzVv9LadbiMU0KrB2dZVmPKKxi49uqqj+d8zIWTbm4tLf7xdF42kr7c2AUl1kYzaD1ymlAXSavvHTg7y/h2/mZ36F7WZmVwa7Q6iI5Vuca66lauwGgl1ETS2lwneQn+CWDZFMSFDT9TmphR8mpISi8063oTwvvHa/t0bpeQnKltg1iqM2YGTlIGTgXuEWsiAARfF96zhOUAXseA9WHeCTDUITmycFau4+ILxVH47Z6oC11W52BtwIf [email protected]' > /home/ci-jail/ci-jail/.ssh/authorized_keys # echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC98TAUD9PPuzRj5uyHWlxZiXGLm1JI7T2hPNwmW9pU5V/guoJ90VTNQ7lugEoX8HYxB7JC0/RA5ogJBkhcQHIAMIGT6yM7F2zzVv9LadbiMU0KrB2dZVmPKKxi49uqqj+d8zIWTbm4tLf7xdF42kr7c2AUl1kYzaD1ymlAXSavvHTg7y/h2/mZ36F7WZmVwa7Q6iI5Vuca66lauwGgl1ETS2lwneQn+CWDZFMSFDT9TmphR8mpISi8063oTwvvHa/t0bpeQnKltg1iqM2YGTlIGTgXuEWsiAARfF96zhOUAXseA9WHeCTDUITmycFau4+ILxVH47Z6oC11W52BtwIf [email protected]' > /home/ci-jail/ci-jail/.ssh/authorized_keys
~~~~ ~~~~
- Set the permissions to the files and directories
## Set the permissions to the files and directories
~~~~ ~~~~
# chown -R ci-jail:ci-jail /home/ci-jail/ci-jail # chown -R ci-jail:ci-jail /home/ci-jail/ci-jail
# chown -R ci-jail:ci-jail /home/ci-jail/www # chown -R ci-jail:ci-jail /home/ci-jail/www
~~~~ ~~~~
- Add the following to your sshd config (file /etc/ssh/sshd):
## Add the following to your sshd config (file /etc/ssh/sshd):
~~~~ ~~~~
Match user ci-jail Match user ci-jail
ChrootDirectory /home/ci-jail ChrootDirectory /home/ci-jail
~~~~ ~~~~
- Restart your ssh daemon
## Restart your ssh daemon
~~~~ ~~~~
/etc/init.d/ssh restart /etc/init.d/ssh restart
~~~~ ~~~~