Parallels H-Sphere Documentation System Administrator Guide

 

H-Sphere Jail

(H-Sphere 3.1 and up)
 
 

Related Docs:   Obtaining Direct Access To Server (User Guide)

Last modified: 27 Dec 2007

 

WARNING: This documentation covers Parallels H-Sphere versions up to 3.1. For the latest up-to-date Parallels H-Sphere documentation, please proceed to the official Parallels site.

H-Sphere jail shell provides chrooted shell enviroment with a set of widely used utils and file managers. It is implemented via hsphere-jail-X.X-X package where X.X-X is the latest available package version.

If the corresponding resource is enabled for the account, user's SSH access is realised in the chrooted enviroment limited by the user home directory.

During jail execution by the SSHD daemon the formed jail skeletons are bound to the corresponding mount points in the user's home. For this purpose jaild daemon is used, which communicates with jail client via a UNIX socket. If none ssh connections are established by unix user, the mount points become unmounted by the related cron task during next 2 minutes.

 

Utilities

hsphere-jail package includes a set of the following widely used utilities: cat, echo, ln, mkdir, ps, rm, sh, cp, date, kill, ls, mv, pwd, rmdir, sleep, md5/md5sum, ping, awk, diff, find, id, sed, tar, whereis, basename, dirname, grep, ldd, sort, touch, which, cut, du, head, more, tail, vi, whoami, clear.

These utilities with the corresponding list of required libraries and share configuration directories/dbs are formed in the predefined location during package install and may be recreated in the case of system update via native package managers.

 

File Managers

The following widely used file managers are available:

  • mc - GNU Midnight Commander
  • ytree - Ytree a UNIX Filemanager
  • vifm - ViFM a UNIX Filemanager

 

Scripts

List of the included scripts follows:

  • /hsphere/local/config/jail/scripts/check_jail checks whether utilities and their libraries, which are included in the jail enviroment, were changed (for example after system update). If so, the /hsphere/local/config/jail/scripts/config_jail is executed.
  • /hsphere/local/config/jail/scripts/config_jail is used for forming jail enviroment and executed in the post-install package section or via the /hsphere/local/config/jail/scripts/check_jail script.
  • /hsphere/local/config/jail/scripts/jailmount is a realization of jaild daemon which accepts connection from the jail client when establishing ssh connection. It requires daemon tools and unixserver installed on the boxes.
  • /hsphere/local/config/jail/scripts/jailumount is a cron task responsible for unmounting unused mountpoints initiated during previous SSH connections by users with valid jail shell.

Related Docs:   Obtaining Direct Access To Server (User Guide)



© Copyright 2017. Parallels Holdings. All rights reserved.