Adding GIT to ISPConfig jailkits
3 Jun 2019
Ettore Dreucci
2 minute read

[recipe, sysadmin]: How to add the GIT ecosystem to one/all jailkit(s) in ISPConfig

ISPConfig comes with jailkit enabled so that the “clients” that login via ssh are limited to a chroot shell with only some specific command. Every client website has its own jailkit.

Enabling a command in an existing jailkit

If some of your ISPConfig clients need to use the GIT ecosystem you may need to enabled it in the jailkits.

By default the websites jailkits resides in /var/www/clients/clientX/webY so with the jk_cp command you can enable a specific command only in one website jailkit as follow:

jk_cp -j /var/www/clients/clientX/webY/ /usr/bin/git*
jk_cp -j /var/www/clients/clientX/webY/ /bin/uname
jk_cp -j /var/www/clients/clientX/webY/ /usr/share/git-core

Enabling a command in all jailkits

First we need to add an entry for the command in the jailkit init file /etc/jailkit/jk_init.ini:

comment = Fast Version Control System
executables = /usr/bin/git*, /bin/uname
directories = /usr/share/git-core
includesections = editors

Then in the ISPConfig section System -> Server Config -> Jailkit we need to add the block name we used in the jk_init.ini file.

Now every new jailkit will automatically have GIT enabled.

But I want it enabled in old ones too!

Then you can use this script to update all your jailkits. Copy it in your system path (/usr/local/sbin/), make it executable (chmod +x /usr/local/sbin/jk_updater_isp) and run it!

You can even add a cronjob to keep all your jails updated!