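# Jailkit section definitions (jk_init-style): each [section] names host files,
# directories, devices and accounts that are placed into a chroot jail, and
# includesections pulls in other sections by name.
# Every executable, library or device listed here widens what a jailed account
# can do, so build each jail from the smallest set of sections that works.
# NOTE(review): jail contents are presumably point-in-time copies of host files;
# confirm how jails are refreshed after host security updates.
# Lists are comma separated. Comments must be on their own line.

[uidbasics]
# this section probably needs adjustment on 64bit systems
# or non-Linux systems
comment = common files for all jails that need user/group information
# The libnss*.so.2 globs include every matching NSS module present on the host.
libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/x86_64-linux-gnu/libnss*.so.2
regularfiles = /etc/nsswitch.conf, /etc/ld.so.conf

[netbasics]
comment = common files for all jails that need any internet connectivity
libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/x86_64-linux-gnu/libnss_dns.so.2
regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols

[logbasics]
comment = timezone information
regularfiles = /etc/localtime
# NOTE(review): presumably requests a syslog socket inside the jail; confirm the
# socket daemon is running, otherwise jailed programs log nowhere.
need_logsocket = 1

[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
# NOTE(review): users/groups presumably name the accounts written to the jail's
# passwd/group files; confirm the root entry is actually required here.
users = root
groups = root
need_logsocket = 1
includesections = uidbasics

[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh

[cvs]
comment = Concurrent Versions System
executables = /usr/bin/cvs
devices = /dev/null

[git]
comment = Fast Version Control System
# Glob: every host binary matching /usr/bin/git* is included; review what that
# matches on the build host before using this section.
executables = /usr/bin/git*
directories = /usr/share/git-core
# Pulls in interactive editors as well (see the caveat on [editors]).
includesections = editors

[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom

[sftp]
comment = ssh secure ftp
# Several candidate paths are listed for the same sftp-server binary.
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null

[ssh]
comment = ssh secure shell
executables = /usr/bin/ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty

[rsync]
executables = /usr/bin/rsync
includesections = netbasics, uidbasics

[procmail]
comment = procmail mail delivery
# /bin/sh places a general-purpose shell in the jail, so a jail built from this
# section is not limited to procmail alone.
executables = /usr/bin/procmail, /bin/sh
devices = /dev/null

[basicshell]
comment = bash based shell with several basic utilities
# Repeated entries from the original list (/bin/ls, /bin/mkdir, /bin/sh) are
# listed once.
executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
directories = /usr/lib/locale/en_US.utf8
# NOTE(review): confirm a root account entry is needed inside an interactive
# shell jail.
users = root
groups = root
includesections = uidbasics

[midnightcommander]
comment = Midnight Commander
executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
includesections = basicshell

[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
# Repeated entries from the original list (/usr/bin/less, /usr/bin/sort) are
# listed once.
executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/wc, /usr/bin/watch, /usr/bin/whoami
includesections = basicshell, midnightcommander, editors

[editors]
comment = vim, joe and nano
# Editors such as vi/vim can start other programs from inside the editor; treat
# an account given this section as able to run anything present in the jail.
executables = /usr/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico
regularfiles = /etc/vimrc
directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo

[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
# Outbound clients let a jailed account move data in and out of the host, and
# ftp is unencrypted. The chroot does not restrict network access, so pair this
# section with egress filtering where the jail is meant to contain an account.
executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
includesections = netbasics, ssh, sftp, scp

[apacheutils]
comment = htpasswd utility
executables = /usr/bin/htpasswd

[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils

[openvpn]
comment = jail for the openvpn daemon
executables = /usr/sbin/openvpn
# A process that keeps root is not contained by a chroot.
# NOTE(review): the nobody/nogroup entries suggest the daemon is meant to drop
# privileges after start-up; confirm that is configured.
users = root,nobody
groups = root,nogroup
devices = /dev/urandom, /dev/random, /dev/net/tun
# The original listed includesections twice in this section (first
# "netbasics", then "netbasics, uidbasics"). Which duplicate wins depends on the
# parser, so the key is given once with the fuller list.
includesections = netbasics, uidbasics
need_logsocket = 1

[apache]
comment = the apache webserver, very basic setup, probably too limited for you
executables = /usr/sbin/apache
# NOTE(review): as with [openvpn], confirm the server runs as www-data rather
# than root once started.
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

[perl]
comment = the perl interpreter and libraries
# A full interpreter in the jail allows arbitrary scripts to run there.
executables = /usr/bin/perl
directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

[xauth]
comment = getting X authentication to work
executables = /usr/bin/X11/xauth
regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

[xclients]
comment = minimal files for X clients
regularfiles = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth

[vncserver]
comment = the VNC server program
# NOTE(review): this section only supplies files; confirm separately that VNC
# access is authenticated and not exposed directly to untrusted networks.
executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
directories = /usr/X11R6/lib/X11/fonts/
includesections = xclients

# Disabled section, kept commented out as in the original file. The device list
# is system-specific and exposes terminal devices inside the jail; review it
# before enabling.
#[xterm]
#comment = xterm
#executables = /usr/bin/X11/xterm
#directories = /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4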