Is chroot the right choice for my use case?

Posted by Anthony on Ask Ubuntu See other posts from Ask Ubuntu or by Anthony
Published on 2012-10-20T22:39:17Z Indexed on 2012/10/20 23:20 UTC
Read the original article Hit count: 253

Filed under:
|
|
|

Backstory:

I am working on setting up a MineCraft server and want to allow admins to have ssh access to the MineCraft server console and appropriate mc server files, but not the whole system. The console provided by the minecraft server is only available to the user that launched the process. In addition, the admins will need terminal access to some basic cli tools such as wget, cp, mv, rm, and a text editor.

Plan:

  • I have already setup the ssh aspect of things, requiring pre-shared keys and whatnot.
  • Setup a jailed environment in which all user activity will be contained.
  • Setup user accounts.
    - The first user account will be the minecraft user. The minecraft user will start the MC server in a multiuser screen session and allow the other admins to attach to it.
    - Subsequent users should have their own /home directory for normal usage.
  • Setup acl for the appropriate files to allow each user to edit the mc server files.

No one will be doing system updates, nor will anyone be installing any programs, so I'll be the only user with sudo.

The Issues:

I don't want the ssh users to have access to the whole system. Users will still need to use wget or curl to update the mc server files. Is chroot the right tool for this use case, or is there something more appropriate for the job? I have no experience setting up a chroot environment and have found several tools to aid in this process. Jailkit seems to be the most robust, but it's not in the standard repos.

© Ask Ubuntu or respective owner

Related posts about server

Related posts about permissions