gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: a014c2c4 | patch | commit | ignore whitespace

Modified install / update to copy over jailkit configs Included jailkit con...

daniel

2008-06-08 61d290c124aa65c9ad2edd183617b92660f92289

Modified install / update to copy over jailkit configs
Included jailkit config templates
Added bash.bashrc and motd templates to copy over for for chroot system
Updated ispconfig vhost to include php fastcgi configs if fastcgi is enabled. What if the module is loaded too ?
TODO: jailkit chroot is still not loading the modified motd in /etc/motd and /var/run/motd ??

5 files added

7 files modified

	install/dist/conf/debian40.conf.php	5 ●●●●● patch \| view \| raw \| blame \| history
	install/dist/conf/gentoo.conf.php	5 ●●●●● patch \| view \| raw \| blame \| history
	install/install.php	4 ●●●●● patch \| view \| raw \| blame \| history
	install/lib/installer_base.lib.php	19 ●●●●● patch \| view \| raw \| blame \| history
	install/tpl/jk_chrootsh.ini.master	13 ●●●●● patch \| view \| raw \| blame \| history
	install/tpl/jk_init.ini.master	151 ●●●●● patch \| view \| raw \| blame \| history
	install/update.php	6 ●●●●● patch \| view \| raw \| blame \| history
	interface/bin/php-fcgi	10 ●●●●● patch \| view \| raw \| blame \| history
	server/conf/bash.bashrc.master	63 ●●●●● patch \| view \| raw \| blame \| history
	server/conf/motd.master	4 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/apache2_plugin.inc.php	8 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/shelluser_jailkit_plugin.inc.php	45 ●●●●● patch \| view \| raw \| blame \| history

 install/dist/conf/debian40.conf.php

@@ -76,4 +76,9 @@
$conf['mydns']['config_dir'] = '/etc';
$conf['mydns']['init_script'] = 'mydns';

//* Jailkit
$conf['jailkit']['config_dir'] = '/etc/jailkit';
$conf['jailkit']['jk_init'] = 'jk_init.ini';
$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';

?>

 install/dist/conf/gentoo.conf.php

@@ -62,4 +62,9 @@
$dist['mydns']['config_dir'] = '/etc';
$dist['mydns']['init_script'] = 'mydns';

//* Jailkit
$conf['jailkit']['config_dir'] = '/etc/jailkit';
$conf['jailkit']['jk_init'] = 'jk_init.ini';
$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';

?>

 install/install.php

@@ -134,6 +134,10 @@

    //* Configure postfix
    $inst->configure_postfix();
	
    //* Configure postfix
    swriteln('Configuring Jailkit');
    $inst->configure_jailkit();

    //* Configure saslauthd
    swriteln('Configuring SASL');

 install/lib/installer_base.lib.php

@@ -183,7 +183,24 @@
        wf($full_file_name, $content);
    }


    public function configure_jailkit()
    {
        $cf = $this->conf['jailkit'];
        $config_dir = $cf['config_dir'];
        $jk_init = $cf['jk_init'];
        $jk_chrootsh = $cf['jk_chrootsh'];
		
        if (!is_dir($config_dir))
        {
            copy($config_dir.'/'.$jk_init, $config_dir.'/'.$jk_init.'~');
            copy($config_dir.'/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh.'~');
			
            copy('tpl/'.$jk_init.".master", $config_dir.'/'.$jk_init);
            copy('tpl/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh);
        }
		
    }
        
    public function configure_postfix($options = '')
    {
        $cf = $this->conf['postfix'];

 install/tpl/jk_chrootsh.ini.master

New file
@@ -0,0 +1,13 @@
## example for a user
#[test]
#env= DISPLAY, XAUTHORITY
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#env = DISPLAY, XAUTHORITY
#
[DEFAULT]
#relax_home_group=1
skip_injail_passwd_check=1
injail_shell=/bin/bash
env = TERM, PATH

 install/tpl/jk_init.ini.master

New file
@@ -0,0 +1,151 @@
[uidbasics]
# this section probably needs adjustment on 64bit systems
# or non-Linux systems
comment = common files for all jails that need user/group information
libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2
regularfiles = /etc/nsswitch.conf /etc/ld.so.conf

[netbasics]
comment = common files for all jails that need any internet connectivity
libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2
regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols

[logbasics]
comment = timezone information
regularfiles = /etc/localtime
need_logsocket = 1

[jk_lsh]
comment = Jailkit limited shell
executables = /usr/sbin/jk_lsh
regularfiles = /etc/jailkit/jk_lsh.ini
users = root
groups = root
need_logsocket = 1
includesections = uidbasics

[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh

[cvs]
comment = Concurrent Versions System
executables = /usr/bin/cvs
devices = /dev/null

[git]
comment = Fast Version Control System
executables = /usr/bin/git*
directories = /usr/share/git-core
includesections = editors

[scp]
comment = ssh secure copy
executables = /usr/bin/scp
includesections = netbasics, uidbasics
devices = /dev/urandom

[sftp]
comment = ssh secure ftp
executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null

[ssh]
comment = ssh secure shell
executables = /usr/bin/ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty

[rsync]
executables = /usr/bin/rsync
includesections = netbasics, uidbasics

[procmail]
comment = procmail mail delivery
executables = /usr/bin/procmail, /bin/sh
devices = /dev/null

[basicshell]
comment = bash based shell with several basic utilities
executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
directories = /usr/lib/locale/en_US.utf8
users = root
groups = root
includesections = uidbasics

[midnightcommander]
comment = Midnight Commander
executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
includesections = basicshell

[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch, /usb/bin/whoami
includesections = basicshell, midnightcommander, editors

[editors]
comment = vim, joe and nano
executables = /usb/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico
regularfiles = /etc/vimrc
directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo

[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
includesections = netbasics, ssh, sftp, scp

[apacheutils]
comment = htpasswd utility
executables = /usr/bin/htpasswd

[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils

[openvpn]
comment = jail for the openvpn daemon
executables = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
includesections = netbasics
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1

[apache]
comment = the apache webserver, very basic setup, probably too limited for you
executables = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

[perl]
comment = the perl interpreter and libraries
executables = /usr/bin/perl
directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

[xauth]
comment = getting X authentication to work
executables = /usr/bin/X11/xauth
regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

[xclients]
comment = minimal files for X clients
regularfiles = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth

[vncserver]
comment = the VNC server program
executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
directories = /usr/X11R6/lib/X11/fonts/
includesections = xclients


#[xterm]
#comment = xterm
#executables = /usr/bin/X11/xterm
#directories = /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4

 install/update.php

@@ -134,7 +134,11 @@
if($reconfigure_services_answer == 'yes') {
    //** Configure postfix
    $inst->configure_postfix('dont-create-certs');

	
    //* Configure postfix
    swriteln('Configuring Jailkit');
    $inst->configure_jailkit();
	
    //** Configure saslauthd
    swriteln('Configuring SASL');
    $inst->configure_saslauthd();

 interface/bin/php-fcgi

New file
@@ -0,0 +1,10 @@
#!/bin/sh 
PHPRC="/etc/php5/cgi/" 
export PHPRC 
PHP_DOCUMENT_ROOT="/usr/local/ispconfig/interface/web/"
export PHP_DOCUMENT_ROOT
PHP_FCGI_CHILDREN=8 
export PHP_FCGI_CHILDREN 
PHP_FCGI_MAX_REQUESTS=5000 
export PHP_FCGI_MAX_REQUESTS 
exec /usr/bin/php-cgi $1

 server/conf/bash.bashrc.master

New file
@@ -0,0 +1,63 @@

<tmpl_if name='jailkit_chroot'>
## Hack for Jailkit User to change back to the logged in user ##
if [ "$LOGNAME" != $USER ]; then
 export HOME=<tmpl_var name='home_dir'>$LOGNAME
 export USER=$LOGNAME
 export USERNAME=$LOGNAME
 cd $HOME
fi

## Change machine hostname to site domain ##
export HOSTNAME=<tmpl_var name='domain'>

</tmpl_if>


# If not running interactively, don't do anything
[ -z "$PS1" ] && return


# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"


# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color)
    PS1='\[\033[01;32m\]$USER@$HOSTNAME\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
    ;;
*)
    PS1='\$USER@$HOSTNAME:\w\$ '
    ;;
esac


# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
    PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
    ;;
*)
    ;;
esac


# enable color support of ls and also add handy aliases
if [ "$TERM" != "dumb" ]; then
    eval "`dircolors -b`"
    alias ls='ls --color=auto'
    #alias dir='ls --color=auto --format=vertical'
    #alias vdir='ls --color=auto --format=long'
fi

# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'



 server/conf/motd.master

New file
@@ -0,0 +1,4 @@
Welcome To Site <tmpl_var name='domain'>




 server/plugins-available/apache2_plugin.inc.php

@@ -385,10 +385,12 @@
            $fastcgi_config = $app->getconf->get_server_config($conf["server_id"], 'fastcgi');
            
            $fastcgi_starter_path = str_replace("[system_user]",$data["new"]["system_user"],$fastcgi_config["fastcgi_starter_path"]);
            $fastcgi_starter_path = str_replace("[client_id]",$client_id,$fastcgi_starter_path);
			
            if (!is_dir($fastcgi_starter_path))
            {
                exec("mkdir -p $fastcgi_starter_path");
                exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." $fastcgi_starter_path");
                exec("mkdir -p ".escapeshellcmd($fastcgi_starter_path));
                exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." ".escapeshellcmd($fastcgi_starter_path));
                
                
                $app->log("Creating fastcgi starter script directory: $fastcgi_starter_path",LOGLEVEL_DEBUG);
@@ -403,7 +405,7 @@
            $fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]);
            $fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]);
                
            $fcgi_starter_script = escapeshellcmd($fastcgi_starter_path."/".$fastcgi_config["fastcgi_starter_script"]);
            $fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
            file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
            unset($fcgi_tpl);
            

 server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -100,6 +100,9 @@
    }
    
    //* This function is called, when a shell user is deleted in the database
    /**
     * TODO: Remove chroot user home and from the chroot passwd file
     */ 
    function delete($event_name,$data) {
        global $app, $conf;
        
@@ -110,7 +113,8 @@
            
            $jailkit_chroot_userhome = $this->_get_home_dir($data['old']['username']);
            
            exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);
            //commented out proved to be dangerous on config errors
            //exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);
            
            
            $app->log("Jalikit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);
@@ -135,6 +139,36 @@
                
                $this->_add_jailkit_programs();
                
                //add bash.bashrc script
                //we need to collect the domain name to be used as the HOSTNAME in the bashrc script
                $web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".intval($this->data['new']["parent_domain_id"]));
				
                $this->app->load('tpl');
		
                $tpl = new tpl();
                $tpl->newTemplate("bash.bashrc.master");
				
                $tpl->setVar('jailkit_chroot',true);
                $tpl->setVar('domain',$web['domain']);
                $tpl->setVar('home_dir',$this->_get_home_dir(""));
				
                $bashrc = escapeshellcmd($this->data['new']['dir']).'/etc/bash.bashrc';
                exec('rm '.$bashrc);
				
                file_put_contents($bashrc,$tpl->grab());
                unset($tpl);
				
                $this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);
				
                $tpl = new tpl();
                $tpl->newTemplate("motd.master");
				
                $tpl->setVar('domain',$web['domain']);
				
                $motd = escapeshellcmd($this->data['new']['dir']).'/var/run/motd';
                exec('rm '.$motd);
				
                file_put_contents($motd,$tpl->grab());
                
            }
    }
@@ -174,15 +208,16 @@
                
                $this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);
                
                exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_userhome);
                exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_userhome);
                exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));
                exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));
                
                $this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);
                
                exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_puserhome);
                exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_puserhome);
                exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome));
                exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome));
                
                $this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);
				
            }    
    }

			@@ -76,4 +76,9 @@
			$conf['mydns']['config_dir'] = '/etc';
			$conf['mydns']['init_script'] = 'mydns';

			//* Jailkit
			$conf['jailkit']['config_dir'] = '/etc/jailkit';
			$conf['jailkit']['jk_init'] = 'jk_init.ini';
			$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';

			?>

			@@ -62,4 +62,9 @@
			$dist['mydns']['config_dir'] = '/etc';
			$dist['mydns']['init_script'] = 'mydns';

			//* Jailkit
			$conf['jailkit']['config_dir'] = '/etc/jailkit';
			$conf['jailkit']['jk_init'] = 'jk_init.ini';
			$conf['jailkit']['jk_chrootsh'] = 'jk_chrootsh.ini';

			?>

			@@ -134,6 +134,10 @@

			//* Configure postfix
			$inst->configure_postfix();

			//* Configure postfix
			swriteln('Configuring Jailkit');
			$inst->configure_jailkit();

			//* Configure saslauthd
			swriteln('Configuring SASL');

			@@ -183,7 +183,24 @@
			wf($full_file_name, $content);
			}


			public function configure_jailkit()
			{
			$cf = $this->conf['jailkit'];
			$config_dir = $cf['config_dir'];
			$jk_init = $cf['jk_init'];
			$jk_chrootsh = $cf['jk_chrootsh'];

			if (!is_dir($config_dir))
			{
			copy($config_dir.'/'.$jk_init, $config_dir.'/'.$jk_init.'~');
			copy($config_dir.'/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh.'~');

			copy('tpl/'.$jk_init.".master", $config_dir.'/'.$jk_init);
			copy('tpl/'.$jk_chrootsh.".master", $config_dir.'/'.$jk_chrootsh);
			}

			}

			public function configure_postfix($options = '')
			{
			$cf = $this->conf['postfix'];

New file
			@@ -0,0 +1,13 @@
			## example for a user
			#[test]
			#env= DISPLAY, XAUTHORITY
			#
			##example for a group, there should be only 1 space inbetween the words!
			#[group users]
			#env = DISPLAY, XAUTHORITY
			#
			[DEFAULT]
			#relax_home_group=1
			skip_injail_passwd_check=1
			injail_shell=/bin/bash
			env = TERM, PATH

New file
			@@ -0,0 +1,151 @@
			[uidbasics]
			# this section probably needs adjustment on 64bit systems
			# or non-Linux systems
			comment = common files for all jails that need user/group information
			libraries = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss.so.2, /lib64/libnss.so.2
			regularfiles = /etc/nsswitch.conf /etc/ld.so.conf

			[netbasics]
			comment = common files for all jails that need any internet connectivity
			libraries = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2
			regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols

			[logbasics]
			comment = timezone information
			regularfiles = /etc/localtime
			need_logsocket = 1

			[jk_lsh]
			comment = Jailkit limited shell
			executables = /usr/sbin/jk_lsh
			regularfiles = /etc/jailkit/jk_lsh.ini
			users = root
			groups = root
			need_logsocket = 1
			includesections = uidbasics

			[limitedshell]
			comment = alias for jk_lsh
			includesections = jk_lsh

			[cvs]
			comment = Concurrent Versions System
			executables = /usr/bin/cvs
			devices = /dev/null

			[git]
			comment = Fast Version Control System
			executables = /usr/bin/git*
			directories = /usr/share/git-core
			includesections = editors

			[scp]
			comment = ssh secure copy
			executables = /usr/bin/scp
			includesections = netbasics, uidbasics
			devices = /dev/urandom

			[sftp]
			comment = ssh secure ftp
			executables = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server
			includesections = netbasics, uidbasics
			devices = /dev/urandom, /dev/null

			[ssh]
			comment = ssh secure shell
			executables = /usr/bin/ssh
			includesections = netbasics, uidbasics
			devices = /dev/urandom, /dev/tty

			[rsync]
			executables = /usr/bin/rsync
			includesections = netbasics, uidbasics

			[procmail]
			comment = procmail mail delivery
			executables = /usr/bin/procmail, /bin/sh
			devices = /dev/null

			[basicshell]
			comment = bash based shell with several basic utilities
			executables = /bin/sh, /bin/bash, /bin/ls, /bin/cat, /bin/chmod, /bin/mkdir, /bin/cp, /bin/cpio, /bin/date, /bin/dd, /bin/echo, /bin/egrep, /bin/false, /bin/fgrep, /bin/grep, /bin/gunzip, /bin/gzip, /bin/ln, /bin/ls, /bin/mkdir, /bin/mktemp, /bin/more, /bin/mv, /bin/pwd, /bin/rm, /bin/rmdir, /bin/sed, /bin/sh, /bin/sleep, /bin/sync, /bin/tar, /bin/touch, /bin/true, /bin/uncompress, /bin/zcat
			regularfiles = /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile
			directories = /usr/lib/locale/en_US.utf8
			users = root
			groups = root
			includesections = uidbasics

			[midnightcommander]
			comment = Midnight Commander
			executables = /usr/bin/mc, /usr/bin/mcedit, /usr/bin/mcview
			directories = /etc/terminfo, /usr/share/terminfo, /usr/share/mc
			includesections = basicshell

			[extendedshell]
			comment = bash shell including things like awk, bzip, tail, less
			executables = /usr/bin/awk, /usr/bin/bzip2, /usr/bin/bunzip2, /usr/bin/ldd, /usr/bin/less, /usr/bin/clear, /usr/bin/cut, /usr/bin/du, /usr/bin/find, /usr/bin/head, /usr/bin/less, /usr/bin/md5sum, /usr/bin/nice, /usr/bin/sort, /usr/bin/tac, /usr/bin/tail, /usr/bin/tr, /usr/bin/sort, /usr/bin/wc, /usr/bin/watch, /usb/bin/whoami
			includesections = basicshell, midnightcommander, editors

			[editors]
			comment = vim, joe and nano
			executables = /usb/bin/joe, /usr/bin/nano, /usr/bin/vi, /usr/bin/vim, /usr/bin/pico
			regularfiles = /etc/vimrc
			directories = /etc/joe, /etc/terminfo, /usr/share/vim, /usr/share/terminfo, /lib/terminfo

			[netutils]
			comment = several internet utilities like wget, ftp, rsync, scp, ssh
			executables = /usr/bin/wget, /usr/bin/lynx, /usr/bin/ftp, /usr/bin/host, /usr/bin/rsync, /usr/bin/smbclient
			includesections = netbasics, ssh, sftp, scp

			[apacheutils]
			comment = htpasswd utility
			executables = /usr/bin/htpasswd

			[extshellplusnet]
			comment = alias for extendedshell + netutils + apacheutils
			includesections = extendedshell, netutils, apacheutils

			[openvpn]
			comment = jail for the openvpn daemon
			executables = /usr/sbin/openvpn
			users = root,nobody
			groups = root,nogroup
			includesections = netbasics
			devices = /dev/urandom, /dev/random, /dev/net/tun
			includesections = netbasics, uidbasics
			need_logsocket = 1

			[apache]
			comment = the apache webserver, very basic setup, probably too limited for you
			executables = /usr/sbin/apache
			users = root, www-data
			groups = root, www-data
			includesections = netbasics, uidbasics

			[perl]
			comment = the perl interpreter and libraries
			executables = /usr/bin/perl
			directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

			[xauth]
			comment = getting X authentication to work
			executables = /usr/bin/X11/xauth
			regularfiles = /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

			[xclients]
			comment = minimal files for X clients
			regularfiles = /usr/X11R6/lib/X11/rgb.txt
			includesections = xauth

			[vncserver]
			comment = the VNC server program
			executables = /usr/bin/Xvnc, /usr/bin/Xrealvnc
			directories = /usr/X11R6/lib/X11/fonts/
			includesections = xclients


			#[xterm]
			#comment = xterm
			#executables = /usr/bin/X11/xterm
			#directories = /usr/share/terminfo, /etc/terminfo
			#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4

			@@ -134,7 +134,11 @@
			if($reconfigure_services_answer == 'yes') {
			//** Configure postfix
			$inst->configure_postfix('dont-create-certs');


			//* Configure postfix
			swriteln('Configuring Jailkit');
			$inst->configure_jailkit();

			//** Configure saslauthd
			swriteln('Configuring SASL');
			$inst->configure_saslauthd();

New file
			@@ -0,0 +1,10 @@
			#!/bin/sh
			PHPRC="/etc/php5/cgi/"
			export PHPRC
			PHP_DOCUMENT_ROOT="/usr/local/ispconfig/interface/web/"
			export PHP_DOCUMENT_ROOT
			PHP_FCGI_CHILDREN=8
			export PHP_FCGI_CHILDREN
			PHP_FCGI_MAX_REQUESTS=5000
			export PHP_FCGI_MAX_REQUESTS
			exec /usr/bin/php-cgi $1

New file
			@@ -0,0 +1,63 @@

			<tmpl_if name='jailkit_chroot'>
			## Hack for Jailkit User to change back to the logged in user ##
			if [ "$LOGNAME" != $USER ]; then
			export HOME=<tmpl_var name='home_dir'>$LOGNAME
			export USER=$LOGNAME
			export USERNAME=$LOGNAME
			cd $HOME
			fi

			## Change machine hostname to site domain ##
			export HOSTNAME=<tmpl_var name='domain'>

			</tmpl_if>


			# If not running interactively, don't do anything
			[ -z "$PS1" ] && return


			# check the window size after each command and, if necessary,
			# update the values of LINES and COLUMNS.
			shopt -s checkwinsize

			# make less more friendly for non-text input files, see lesspipe(1)
			[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"


			# set a fancy prompt (non-color, unless we know we "want" color)
			case "$TERM" in
			xterm-color)
			PS1='\[\033[01;32m\]$USER@$HOSTNAME\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
			;;
			*)
			PS1='\$USER@$HOSTNAME:\w\$ '
			;;
			esac


			# If this is an xterm set the title to user@host:dir
			case "$TERM" in
			xterm\|rxvt)
			PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
			;;
			*)
			;;
			esac


			# enable color support of ls and also add handy aliases
			if [ "$TERM" != "dumb" ]; then
			eval "`dircolors -b`"
			alias ls='ls --color=auto'
			#alias dir='ls --color=auto --format=vertical'
			#alias vdir='ls --color=auto --format=long'
			fi

			# some more ls aliases
			#alias ll='ls -l'
			#alias la='ls -A'
			#alias l='ls -CF'

New file
			@@ -0,0 +1,4 @@
			Welcome To Site <tmpl_var name='domain'>

			@@ -385,10 +385,12 @@
			$fastcgi_config = $app->getconf->get_server_config($conf["server_id"], 'fastcgi');

			$fastcgi_starter_path = str_replace("[system_user]",$data["new"]["system_user"],$fastcgi_config["fastcgi_starter_path"]);
			$fastcgi_starter_path = str_replace("[client_id]",$client_id,$fastcgi_starter_path);

			if (!is_dir($fastcgi_starter_path))
			{
			exec("mkdir -p $fastcgi_starter_path");
			exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." $fastcgi_starter_path");
			exec("mkdir -p ".escapeshellcmd($fastcgi_starter_path));
			exec("chown ".$data["new"]["system_user"].":".$data["new"]["system_group"]." ".escapeshellcmd($fastcgi_starter_path));


			$app->log("Creating fastcgi starter script directory: $fastcgi_starter_path",LOGLEVEL_DEBUG);
			@@ -403,7 +405,7 @@
			$fcgi_tpl->setVar('php_fcgi_max_requests',$fastcgi_config["fastcgi_max_requests"]);
			$fcgi_tpl->setVar('php_fcgi_bin',$fastcgi_config["fastcgi_bin"]);

			$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path."/".$fastcgi_config["fastcgi_starter_script"]);
			$fcgi_starter_script = escapeshellcmd($fastcgi_starter_path.$fastcgi_config["fastcgi_starter_script"]);
			file_put_contents($fcgi_starter_script,$fcgi_tpl->grab());
			unset($fcgi_tpl);

			@@ -100,6 +100,9 @@
			}

			//* This function is called, when a shell user is deleted in the database
			/**
			* TODO: Remove chroot user home and from the chroot passwd file
			*/
			function delete($event_name,$data) {
			global $app, $conf;

			@@ -110,7 +113,8 @@

			$jailkit_chroot_userhome = $this->_get_home_dir($data['old']['username']);

			exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);
			//commented out proved to be dangerous on config errors
			//exec('rm -rf '.$data['old']['dir'].$jailkit_chroot_userhome);


			$app->log("Jalikit Plugin -> delete chroot home:".$data['old']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);
			@@ -135,6 +139,36 @@

			$this->_add_jailkit_programs();

			//add bash.bashrc script
			//we need to collect the domain name to be used as the HOSTNAME in the bashrc script
			$web = $this->app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id = ".intval($this->data['new']["parent_domain_id"]));

			$this->app->load('tpl');

			$tpl = new tpl();
			$tpl->newTemplate("bash.bashrc.master");

			$tpl->setVar('jailkit_chroot',true);
			$tpl->setVar('domain',$web['domain']);
			$tpl->setVar('home_dir',$this->_get_home_dir(""));

			$bashrc = escapeshellcmd($this->data['new']['dir']).'/etc/bash.bashrc';
			exec('rm '.$bashrc);

			file_put_contents($bashrc,$tpl->grab());
			unset($tpl);

			$this->app->log("Added bashrc scrpt : ".$bashrc,LOGLEVEL_DEBUG);

			$tpl = new tpl();
			$tpl->newTemplate("motd.master");

			$tpl->setVar('domain',$web['domain']);

			$motd = escapeshellcmd($this->data['new']['dir']).'/var/run/motd';
			exec('rm '.$motd);

			file_put_contents($motd,$tpl->grab());

			}
			}
			@@ -174,15 +208,16 @@

			$this->app->log("Added jailkit user to chroot with command: ".$command,LOGLEVEL_DEBUG);

			exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_userhome);
			exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_userhome);
			exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));
			exec("chown ".$this->data['new']['username'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_userhome));

			$this->app->log("Added created jailkit user home in : ".$this->data['new']['dir'].$jailkit_chroot_userhome,LOGLEVEL_DEBUG);

			exec("mkdir -p ".$this->data['new']['dir'].$jailkit_chroot_puserhome);
			exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".$this->data['new']['dir'].$jailkit_chroot_puserhome);
			exec("mkdir -p ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome));
			exec("chown ".$this->data['new']['puser'].":".$this->data['new']['pgroup']." ".escapeshellcmd($this->data['new']['dir'].$jailkit_chroot_puserhome));

			$this->app->log("Added created jailkit parent user home in : ".$this->data['new']['dir'].$jailkit_chroot_puserhome,LOGLEVEL_DEBUG);

			}
			}