Add command like vi, vim to chrooted SSH user

chroot
lxd
lxc
jails
sysadmin

#1

i followed article Debian/Ubuntu Linux: Restrict an SSH user session to a specific directory by setting chrooted jail and created ssh chrooted jailed ssh account succesullly. but, now, the problem is.
my user chrooted can do nothing else show file listing and change directory.
how to add command like vi or vim, or chmod for chrooted user.?
using ubuntu 14.04 server.
thanks !


#2

You need to copy vi/vim binary to chrooted directory and related files. For example if chrooted jail is at /home/users as root:

D=/home/users
mkdir -p $D/usr/bin
cp -a /usr/bin/vim $D 

Next get libs needed to run vim:

ldd /usr/bin/vim

You will get a list of libs as follows:

	linux-vdso.so.1 =>  (0x00007ffe9abd4000)
	libgtk-3.so.0 => /usr/lib/x86_64-linux-gnu/libgtk-3.so.0 (0x00007f2848f22000)
	libgdk-3.so.0 => /usr/lib/x86_64-linux-gnu/libgdk-3.so.0 (0x00007f2848c17000)
	libpangocairo-1.0.so.0 => /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0 (0x00007f2848a0a000)
	libpango-1.0.so.0 => /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0 (0x00007f28487bc000)
	libcairo.so.2 => /usr/lib/x86_64-linux-gnu/libcairo.so.2 (0x00007f28484ab000)
	libgdk_pixbuf-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0 (0x00007f2848287000)
	libgio-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0 (0x00007f2847eec000)
	libgobject-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 (0x00007f2847c98000)
	libglib-2.0.so.0 => /lib/x86_64-linux-gnu/libglib-2.0.so.0 (0x00007f2847984000)
	libSM.so.6 => /usr/lib/x86_64-linux-gnu/libSM.so.6 (0x00007f284777c000)
	libICE.so.6 => /usr/lib/x86_64-linux-gnu/libICE.so.6 (0x00007f2847561000)
	libXt.so.6 => /usr/lib/x86_64-linux-gnu/libXt.so.6 (0x00007f28472f8000)
	libX11.so.6 => /usr/lib/x86_64-linux-gnu/libX11.so.6 (0x00007f2846fbf000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f2846c69000)
	libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f2846a40000)
	libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f2846818000)
.....
....
...
	libboost_filesystem.so.1.62.0 => /usr/lib/x86_64-linux-gnu/libboost_filesystem.so.1.62.0 (0x00007f283cb91000)
	libkj-0.5.3.so => /usr/lib/x86_64-linux-gnu/libkj-0.5.3.so (0x00007f283c96a000)
	libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f283c65c000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f283c436000)
	liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f283c21e000)
	libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f283c009000)

You need to create those dir and copy files too. For example:

mkdir $D/lib
mkdir $D/usr/lib
cp -a  /lib/x86_64-linux-gnu/libgpg-error.so.0 $D/lib

Repeat steps for all files produced by ldd. For more info see chroot command examples here

Chroot method gets compilcated. So I suggest you take a look at lxd/lxc:

Another option is just to create containers using lxd. See:

  1. How to install and setup LXC (Linux Container) on Fedora Linux 26
  2. How to install LXD container hypervisor on Ubuntu 16.04 LTS
  3. How to install LXD container under KVM or Xen virtual machine