jailkit  2.23
About: Jailkit is a set of utilities to limit user accounts to specific files using chroot() and or specific commands.
  Fossies Dox: jailkit-2.23.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

jailkit Documentation

Some Fossies usage hints in advance:

  1. To see the Doxygen generated documentation please click on one of the items in the steelblue colored "quick index" bar above or use the side panel at the left which displays a hierarchical tree-like index structure and is adjustable in width.
  2. If you want to search for something by keyword rather than browse for it you can use the client side search facility (using Javascript and DHTML) that provides live searching, i.e. the search results are presented and adapted as you type in the Search input field at the top right.
  3. Doxygen doesn't incorporate all member files but just a definable subset (basically the main project source code files that are written in a supported language). So to search and browse all member files you may visit the Fossies jailkit-2.23.tar.gz contents page and use the Fossies standard member browsing features (also with source code highlighting and additionally with optional code folding).


Jailkit is a set of utilities to limit user accounts to specific files using chroot() and or specific commands. Setting up a jail is a lot easier using these utilities.

See 'man jailkit' for more detailed info on the different utilities in this package. If you have not yet installed jailkit you can see this man page using 'man man/jailkit.8'.


The most elementary tools are written in C and only need libc and libpthreads (available on almost any Linux system and most other posix compliant systems).

The scripts are written in python, so they need python installed.


Jailkit is an open source project written by Olivier Sessink. It is released under a modified BSD licence.


Suppose you need to create an account 'test' that can do sftp and scp only. You want it in a jail called /home/sftproot where it will have a homedirectory /home/test

#initialise the jail mkdir /home/sftproot jk_init -j /home/sftproot jk_lsh jk_init -j /home/sftproot sftp jk_init -j /home/sftproot scp

create the account

adduser test jk_jailuser -j /home/sftproot test

edit the jk_lsh configfile in the jail (man jk_lsh)

you can use every editor you want, I chose 'joe'

joe /home/sftproot/etc/jailkit/jk_lsh.ini

now restart jk_socketd

killall jk_socketd jk_socketd

test the account

sftp test@localhost

check the logs if everything is correct

tail /var/log/daemon.log /var/log/auth.log


cvs - cvs needs /tmp/ for temporary files procmail - needs /dev/null


Copyright (C) 2003, 2004, 2005, Olivier Sessink

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.