Is chroot the right choice for my use case?
- by Anthony
Backstory:
I am working on setting up a MineCraft server and want to allow admins to have ssh access to the MineCraft server console and appropriate mc server files, but not the whole system. The console provided by the minecraft server is only available to the user that launched the process. In addition, the admins will need terminal access to some basic cli tools such as wget, cp, mv, rm, and a text editor.
Plan:
I have already setup the ssh aspect of things, requiring pre-shared
keys and whatnot.
Setup a jailed environment in which all user activity will be contained.
Setup user accounts.
- The first user account will be the minecraft user. The minecraft user will start the MC server in a multiuser screen session and allow the other admins to attach to it.
- Subsequent users should have their own /home directory for normal usage.
Setup acl for the appropriate files to allow each user to edit the mc server files.
No one will be doing system updates, nor will anyone be installing any programs, so I'll be the only user with sudo.
The Issues:
I don't want the ssh users to have access to the whole system. Users will still need to use wget or curl to update the mc server files. Is chroot the right tool for this use case, or is there something more appropriate for the job? I have no experience setting up a chroot environment and have found several tools to aid in this process. Jailkit seems to be the most robust, but it's not in the standard repos.