jk_uchroot - grant regular users the right to change root into certain directories

       Copyright (C) 2003, 2004, 2005, 2006, 2007, 2018 Olivier Sessink

       Copying  and distribution of this file, with or without modification, are permitted in any medium without
       royalty provided the copyright notice and this notice are preserved.

JAILKIT                                            07-02-2010                                      jk_uchroot(8)

       jk_uchroot can be used to give regular users access to the chroot() system call in a safe way. jk_uchroot
       will  only  grant  chroot  into  a  jail  if the configuration file lists this user and jail combination.
       jk_uchroot will furthermore only grant access if the chroot jail is safe. Safe means that it is owned  by
       uid  0  gid  0  and not writable for others, including the system directories such as  /bin, /lib, /dev/,
       /sbin, and /usr.

       jk_uchroot needs certain elevated privileges to make the chroot(2) system call. Therefore  it  is  setuid
       root.  It  will drop its root privileges immediately after making the chroot() system call. Since Jailkit
       2.8 jk_uchroot may also use the CAP_SYS_CHROOT capability on systems that support capabilities, and  then
       the setuid bit can be removed.

       [john]
       allowed_jails = /srv/johnjail, /srv/commonjail
       skip_injail_passwd_check = 1

       [group users]
       allowed_jails = /srv/commonjail
       skip_injail_passwd_check = 1

       In  the above example jk_uchroot is configured not to check if the user exists in the /etc/passwd file in
       the jails.

       jk_uchroot logs everything to syslog, please check the  log  files.  Logging  is  sent  to  the  LOG_AUTH
       facility  with  levels LOG_ERR and LOG_CRIT for critical errors, LOG_NOTICE for non-critical errors,  and
       LOG_INFO for normal events. On most systems the command grepjk_/var/log/* will give you the information
       you need.

/etc/jailkit/jk_uchroot.ini

       jk_uchroot - grant regular users the right to change root into certain directories

jailkit(8)jk_check(8)jk_chrootlaunch(8)jk_chrootsh(8)jk_cp(8)jk_init(8)jk_jailuser(8)jk_list(8)jk_lsh(8)jk_procmailwrapper(8)jk_socketd(8)jk_update(8)chroot(2)syslogd(8)

jk_uchroot-j<jail>-x<executable>