JFIFxxC      C  " }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr
# NOTE(review): the line above is not INI. It looks like image-header residue
# (it starts with "JFIF") that was fused to the front of this listing. It is
# kept verbatim here, but an INI parser would be expected to reject it, so
# remove it before using this file.
#
# Jail section definitions in the layout used by Jailkit's jk_init (the file
# name is not shown in this listing; confirm it).
# Each [section] names a set of host files that is populated into a chroot jail:
#   comment          free-text description of the section
#   paths            files/directories placed in the jail; bare names (e.g.
#                    "scp") are presumably resolved through PATH, so confirm
#                    which binary is actually picked up on this host
#   paths_w_setuid   like paths, but the setuid bit is preserved
#   devices          device nodes created inside the jail
#   users / groups   accounts whose entries are added to the jail's passwd and
#                    group files (per jk_init's documentation; confirm for the
#                    installed version)
#   includesections  other sections pulled in transitively
#   need_logsocket   request a log socket inside the jail
# List values are comma-separated.
#
# Review guidance: everything listed here becomes reachable by a jailed
# account, and includesections expands transitively, so audit the fully
# expanded set, not just the section's own paths. A chroot jail limits
# filesystem visibility but is not a containment boundary for a process that
# holds root. Files in the jail are copies of the host's, so host security
# updates do not reach existing jails until they are refreshed.

[uidbasics]
# this section probably needs adjustment on 64bit systems
# or non-Linux systems
# NSS libraries and configuration so that uid/gid <-> name lookups work inside
# the jail. The globs cover several architecture-specific library directories.
comment=common files for all jails that need user/group information
paths=/lib/libnsl.so.*, /lib64/libnsl.so.*, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.*, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.*, /lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.*, /etc/nsswitch.conf, /etc/ld.so.conf
# Solaris needs
# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf

[netbasics]
# Resolver libraries and configuration. /etc/hosts and /etc/resolv.conf are
# copied from the host, so any internal host names or resolver addresses they
# contain become readable by jailed accounts.
comment=common files for all jails that need any internet connectivity
paths=/lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
# on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure

[logbasics]
comment=timezone information and log sockets
paths=/etc/localtime
# Presumably makes syslog() from inside the jail reach the host logger through
# a jail-local log socket; confirm that the socket daemon is configured and
# rate-limited.
need_logsocket=1
# Solaris does not need logsocket
# but needs
# devices = /dev/log, /dev/conslog

[jk_lsh]
# Limited shell plus its policy file. The jk_lsh.ini copy inside the jail
# decides which commands are allowed, so it should stay root-owned and not be
# writable by the jailed account.
comment=Jailkit limited shell
paths=/usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
users=root
groups=root
includesections=uidbasics, logbasics

[limitedshell]
comment=alias for jk_lsh
includesections=jk_lsh

[cvs]
comment=Concurrent Versions System
paths=cvs
devices=/dev/null

[git]
# Pulls in the editors and perl sections, i.e. text editors and a full
# interpreter. Treat a jail built from this section as a general-purpose
# execution environment, not a git-only one.
comment=Fast Version Control System
paths=/usr/bin/git*, /usr/lib/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
includesections=editors, perl

[scp]
comment=ssh secure copy
paths=scp
includesections=netbasics, uidbasics
devices=/dev/urandom, /dev/null

[sftp]
# Several candidate sftp-server locations are listed to cover different
# distributions; presumably only the ones that exist on the host are copied.
comment=ssh secure ftp
paths=/usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
includesections=netbasics, uidbasics
devices=/dev/urandom, /dev/null
# on solaris
#paths = /usr/lib/ssh/sftp-server

[ssh]
# Places an ssh client in the jail, which lets a jailed account open outbound
# connections to other hosts. Pair it with egress filtering if that is not
# intended.
comment=ssh secure shell
paths=ssh
includesections=netbasics, uidbasics
devices=/dev/urandom, /dev/tty, /dev/null

[rsync]
paths=rsync
includesections=netbasics, uidbasics

[procmail]
# Includes /bin/sh, so a jail built from this section contains a shell.
comment=procmail mail delivery
paths=procmail, /bin/sh
devices=/dev/null

[basicshell]
# Full interactive shells (bash, zsh, sh; rbash is listed as well) plus core
# utilities. "ls" and "mkdir" appear twice in the list; the repetition looks
# redundant rather than meaningful.
comment=bash based shell with several basic utilities
paths=/bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8, zsh, /etc/zsh/zshrc, /etc/zsh/zshenv, rbash, id, groups
users=root
groups=root
includesections=uidbasics

[interactiveshell]
# extendedshell already includes basicshell (which includes uidbasics),
# terminfo via editors, and editors itself, so the explicit entries here
# overlap with the transitive ones.
comment=for ssh access to a full shell
includesections=uidbasics, basicshell, terminfo, editors, extendedshell

[midnightcommander]
comment=Midnight Commander
paths=mc, mcedit, mcview, /usr/share/mc
includesections=basicshell, terminfo

[extendedshell]
# "less" and "sort" appear twice in the list. Note that this section also
# pulls in midnightcommander and editors, so it is considerably larger than
# its own paths line suggests.
comment=bash shell including things like awk, bzip, tail, less
paths=awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
includesections=basicshell, midnightcommander, editors

[terminfo]
comment=terminfo databases, required for example for ncurses or vim
paths=/etc/terminfo, /usr/share/terminfo, /lib/terminfo

[editors]
comment=vim, joe and nano
includesections=terminfo
paths=joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim

[netutils]
# Outbound transfer and remote-access clients (wget, lynx, ftp, smbclient,
# rsync, ssh/sftp/scp). A jail built from this section can move data to and
# from other hosts; restrict egress at the network layer if that is not wanted.
comment=several internet utilities like wget, ftp, rsync, scp, ssh
paths=wget, lynx, ftp, host, rsync, smbclient
includesections=netbasics, ssh, sftp, scp

[apacheutils]
comment=htpasswd utility
paths=htpasswd

[extshellplusnet]
# Broadest shell profile in this listing: the extended shell plus the network
# clients. Prefer a narrower section unless all of it is needed.
comment=alias for extendedshell + netutils + apacheutils
includesections=extendedshell, netutils, apacheutils

[openvpn]
# Daemon jail. users/groups list root together with nobody/nogroup, presumably
# so the daemon can drop privileges after start-up; confirm in the daemon's own
# configuration. The commented-out includesections line below is superseded by
# the active one further down.
comment=jail for the openvpn daemon
paths=/usr/sbin/openvpn
users=root,nobody
groups=root,nogroup
#includesections = netbasics
devices=/dev/urandom, /dev/random, /dev/net/tun
includesections=netbasics, uidbasics
need_logsocket=1

[apache]
comment=the apache webserver, very basic setup, probably too limited for you
paths=/usr/sbin/apache
users=root, www-data
groups=root, www-data
includesections=netbasics, uidbasics

[perl]
# A full interpreter and its library trees. Any section that includes this one
# allows arbitrary program execution inside the jail.
comment=the perl interpreter and libraries
paths=perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

[xauth]
comment=getting X authentication to work
paths=/usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

[xclients]
comment=minimal files for X clients
paths=/usr/X11R6/lib/X11/rgb.txt
includesections=xauth

[vncserver]
comment=the VNC server program
paths=Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
includesections=xclients

[ping]
# The only section here that uses paths_w_setuid, i.e. the binary is placed in
# the jail with its setuid bit intact. A setuid-root program inside a chroot
# deserves the closest scrutiny of anything in this file. On hosts where ping
# does not rely on the setuid bit this may be unnecessary, and jails that do
# not use this section can be kept on a filesystem mounted nosuid.
comment=Ping program
paths_w_setuid=/bin/ping

# Disabled example section; it stays inactive unless every line is uncommented.
#[xterm]
#comment = xterm
#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4