I've created a jail with ssh using Finch-Freebsd on a NAS4FREE and added a local non super user to access the jail via ssh.

I want to be able to grant this user limited shell access, specifically to shut down the jail and in turn commence a shutdown of the server the jail resides on.

How can I give the said user limited shell command rights to initiate the shutdown command?

So far, in trying to initiate a sh /etc/rc.shutdown, I get the following output:

    eval: cannot open /var/run/cron.pid: Permission denied
    Stopping sshd.
    kill: 12060: Operation not permitted
    Stopping lighttpd.
    kill: 12001: Operation not permitted
    eval: cannot open /var/db/mysql/RemandYard.pid: Permission denied
    pututxline: Permission denied
    Terminated

Kendall

2 Answers

As Kassandry said, you can't do this with a command within the jail itself.

What you could do, however, would be to create a separate user (who I will henceforth call closer) on the host system. This user should be blocked so that it can only log in with an SSH key.

Your jailed user should have the private key and the password for the key.

On the host side, you grant the closer account sudo permissions:

closer   localhost=NOPASSWD:/usr/sbin/shutdown

On the host side, put the public part of the SSH key in /home/closer/.ssh/authorized_keys. Edit the key so that it starts with

command="sudo /usr/sbin/shutdown -p now",from="1.2.3.4"

and then the actual key follows, all on the same line. (Fix the IP address so that it matches the jail, of course.) Make the authorized_keys file and the directory non-writable for the user.

When the user on the jailed system now uses that key to SSH to the host, it will immediately trigger a shutdown. The user will not be able to do anything else with the key - any time they use it to log in, it will simply run the command. The key can only be used from this one jail, so you don't risk giving the whole world access to shut down your server if they somehow get their hands on the key.

Jenny D
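The forced-command key setup from the answer above, as an added example that is not part of the original post: one function builds the restricted authorized_keys line (forced shutdown command, from= restriction, plus the no-* options that stop the key being used for forwarding or an interactive pty), and a second audits an authorized_keys file so an unrestricted key cannot slip into the closer account. The jail address 10.0.0.5 and the key material are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# shutdown(8) on FreeBSD requires a time argument, hence "-p now".
SHUTDOWN_CMD='sudo /usr/sbin/shutdown -p now'

# make_forced_key_line JAIL_IP "TYPE BASE64 [COMMENT]"
# Prints one authorized_keys entry: forced command, source restriction,
# and options that block port/agent/X11 forwarding and pty allocation.
make_forced_key_line() {
    jail_ip=$1
    pubkey=$2
    printf 'command="%s",from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
        "$SHUTDOWN_CMD" "$jail_ip" "$pubkey"
}

# check_authorized_keys FILE
# Returns 0 when every key line carries both command= and from= options,
# 1 when any key is unrestricted (the condition an audit should catch).
check_authorized_keys() {
    file=$1
    bad=0
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        case $line in
            *command=\"*from=\"*|*from=\"*command=\"*) ;;
            *) echo "unrestricted key: $line" >&2; bad=1 ;;
        esac
    done < "$file"
    return $bad
}

# Constructed sample key (placeholder, not real key material).
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYMATERIALxxxxxxxxxxxxxxxxxxx closer@jail'

demo_keys=$(mktemp)
make_forced_key_line 10.0.0.5 "$SAMPLE_KEY" > "$demo_keys"
check_authorized_keys "$demo_keys" && echo "all keys restricted"
echo "$SAMPLE_KEY" >> "$demo_keys"        # an unrestricted key: audit must fail
check_authorized_keys "$demo_keys" || echo "audit flagged the unrestricted key"
rm -f "$demo_keys"
```

The same audit function can be run against any authorized_keys file on the host; the forced command is the only way to limit what a key holder can do, so a key without one is the finding to act on.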

Jails specifically forbid the shutdown commands, per the manual page here.

Normal machine shutdown commands, such as halt(8), reboot(8), and shutdown(8), cannot be used successfully within the jail.

Additionally, quoting from The Design and Implementation of the FreeBSD Operating System,

Processes running within a jail are not permitted to perform operations that would allow them to see or affect anything running outside their jail. This restriction is implemented in large part by masking the set of named system privileges available to root processes running within a jail. Constrained privileges include:

  • getting information on processes outside the jail;
  • changing kernel variables;
  • mounting or unmounting filesystems;
  • modifying physical network interfaces or configurations; and
  • rebooting the system.

So what you are wanting to do shouldn't actually be possible at all, by design, in jails. To shut down a jail and the server it resides on, you would need to have an actual privileged user on the host system.

Kassandry