Blog Master G

Word. And photos, too.

Blog Master G random header image

jailshell-2.05$

Tuesday, May 13th, 2003 · 6 Comments

I logged into my Web server via SSH this morning, as I do every day, to be greeted by a new prompt:

jailshell-2.05$

I was also thrown into the top-level directory, rather than my usual home directory. I began to notice some other differences — new directories, inability to view my live Web logs, as I often do via the following command:

tail -f /usr/local/apache/domlogs/gabeanderson.com

The biggest frustration I would soon encounter, however, was that my ability to send via Pine had been stripped away:

[>Pipe can’t access “/usr/sbin/sendmail”: No such file or directoryTCH to find out what was up with this change in shell.

It turns out that, in an effort to reduce SSH security risk on its servers, TCH has locked down all users with SSH access under what’s called a jail shell, a “UNIX-inside-of-UNIX environment — a kind of ‘jail’ where a process can be restricted to an arbitrary portion of the filesystem.”

As long as TCH restores my sendmail ability in Pine, I’m happy. But until then, this is pretty annoying, though I do understand the need to restrict users with shell access.

Tags: technology

6 responses so far ↓

  • 1 mbi // May 13, 2003 at 1:03 pm

    Hmm, I wonder what they meant by “SSH security risk”.

  • 2 gabe // May 13, 2003 at 1:45 pm

    woohoo! since i’m a loyal customer, TCH has restored my full access to the shell. no more jailshell for me! 🙂

  • 3 Erick // Oct 17, 2003 at 3:08 pm

    Heh… you are currently the first hit when I google for “jailshell”. My web host did the same thing to me. I haven’t played around with it enough yet to see what limits it puts on me though. So far it appears to have broken sftp… I’m about to complain to them about that. I’m still searching for some documentation on this thing…

  • 4 Simon Andrews // Nov 18, 2003 at 5:52 am

    So jailshell is basically a poormans shell for GUI only programmers and it sucks like a quality whore.

    The only good thing ive found about jailshell so far is the money back guarantee that came with the account.

    If I dont get my cash back I’ll let you know who they are so all can avoid.

    As Cartman said ‘i am so pissed off right now’

    Sy-co

  • 5 John Wolgamot // Jan 21, 2004 at 10:22 pm

    I’ve been trying to secure ssh on my server so co-workers friends can access it without me having to worry about them messing it up. When I found that his isp’s shell had this prompt I did a search to see how they implemented it so I could use it on my system.

    We use no http://ftp... only ssh. wsftp has a facility to work over ssh but you can browse the entire system even if you log in as a user.

    I’ve been looking for an easy wasy to jail ssh users. It hasn’t been easy for an inexperienced user like me.

  • 6 Tim Allender // Aug 29, 2004 at 6:40 pm

    I’m in both boats. My hosting ISP gives me a jailshell and I am looking for both documentation on it, and where I can get it for my own server to allow my school mates to practice remote access via shell on my home machines.