ansible-roles/jailkit#3 Improve jailkit config for site users and their crontabs

0d0af5ab · jurgenhaas · f7fb3caf · 0d0af5ab · 0d0af5ab · 0d0af5ab
Commit 0d0af5ab authored 7 years ago by jurgenhaas
--- a/tasks/jailkit.yml
+++ b/tasks/jailkit.yml
@@ -178,29 +178,18 @@
  when: username != tunnel_user_name and jailuser_init
  tags: 'always'

- name: "Assign Jails To Users"
+- name: "Update config files"
  template:
-    src='jk_uchroot.ini'
-    dest='/etc/jailkit/jk_uchroot.ini'
-    owner=root
-    group=root
-    mode='644'
-
- name: "Update Config"
-  template:
-    src='jk_update.ini'
-    dest='/etc/jailkit/jk_update.ini'
-    owner=root
-    group=root
-    mode='644'
-
- name: "Socket Config"
-  template:
-    src='jk_socketd.ini'
-    dest='/etc/jailkit/jk_socketd.ini'
+    src='{{ item }}.ini'
+    dest='/etc/jailkit/{{ item }}.ini'
    owner=root
    group=root
    mode='644'
+  with_items:
+    - 'jk_chrootsh'
+    - 'jk_uchroot'
+    - 'jk_update'
+    - 'jk_socketd'

 - name: "Update Jails"
  include_tasks: updatejail.yml

--- a/tasks/updatejail.yml
+++ b/tasks/updatejail.yml
@@ -17,3 +17,10 @@
  with_flattened:
    - '{{ admins }}'
    - '{{ jailusers }}'
+
+- name: "Set shell for crontabs"
+  cron:
+    name: 'SHELL'
+    env: yes
+    value: '/usr/sbin/jk_chrootsh'
+    user: '{{ drupal.jail.name }}'
--- a/templates/jk_chrootsh.ini
+++ b/templates/jk_chrootsh.ini
+[DEFAULT]
+skip_injail_passwd_check=1
+injail_shell=/bin/bash
+
 ## example for a user
 #[test]
 #env= DISPLAY, XAUTHORITY
@@ -5,4 +9,4 @@
 ##example for a group, there should be only 1 space inbetween the words!
 #[group users]
 #env = DISPLAY, XAUTHORITY
-#
\ No newline at end of file
+#
--- a/templates/jk_uchroot.ini
+++ b/templates/jk_uchroot.ini
+{% for item in drupal_settings|default([]) %}
+{% if item.jail is defined %}
+[{{ item.jail.name }}]
+allowed_jails = {{ jailroot }}/{{ item.jail.name }}
+skip_injail_passwd_check = 1
+
+{% endif %}
+{% endfor %}
 {% for admin in admins %}
 [{{ admin }}]
 allowed_jails ={% for item in drupal_settings|default([]) %}{% if item.jail is defined %} , {{ jailroot }}/{{ item.jail.name }}{% endif %}{% endfor %}

--- a/templates/jk_update.ini
+++ b/templates/jk_update.ini
 {% for item in drupal_settings|default([]) %}
 {% if item.jail is defined %}
 [{{ jailroot }}/{{ item.jail.name }}]
-skips =
 hardlinks = 0
 directories = /bin, /dev, /etc, /home, /lib, /lib64, /opt, /usr