1) First, install the scripts and binaries (note, currently for apache 1.3.x only):
|
cd /usr/local/directadmin/customapache |
2) It's recommended you make backups of /etc/passwd, /etc/shadow, /etc/group, and /etc/master.passwd (if you have it)
|
cp -f /etc/passwd /etc/passwd.backup |
3) To jail a specific user, this command is used:
|
cd /usr/local/directadmin/customapache/jail |
If they are to use jailed CGI, then
|
SetEnv JAIL_DIR |HOME| |
would need to be added to their virtualhosts (where home is their home directory, eg: /home/username).
Note that php through apache is not jailed, so enableing safemode and open_basedir would be recommended.
To *automate* the jailing process, you can create /usr/local/directadmin/scripts/custom/user_create_post.sh and fill it with:
|
#!/bin/sh |
Then chmod it to 755:
|
chmod 755 /usr/local/directadmin/scripts/custom/user_create_post.sh |
To automate the cgi jailing, then the SetEnv option has to be added to any virtualhost that is to use the jailing. Create /usr/local/directadmin/scripts/custom/domain_create_post.sh with the following:
|
#!/bin/sh |
and chmod to 755, like the user_create_post.sh script.
4) Since a user can be created without ssh, and it gets added later, we'll need to create a user_modify_post.sh script as well, but since it's the same code, we'll just create a symbolic link.
|
ln -s user_create_post.sh /usr/local/directadmin/scripts/custom/user_modify_post.sh |
Note, that the jail_user.sh isn't going to be very speedy as it has to transfer over all program binaries and libraries that would be needed inside the jail. This takes time. It also takes a huge amount of space that will not be counted in the users total disk usage.