From 0d0af5ab13bf53ab9c417443f86fcb3cc3ea3c14 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 6 Mar 2018 10:51:53 +0100
Subject: [PATCH] ansible-roles/jailkit#3 Improve jailkit config for site users
 and their crontabs

---
 tasks/jailkit.yml         | 27 ++++++++-------------------
 tasks/updatejail.yml      |  7 +++++++
 templates/jk_chrootsh.ini |  6 +++++-
 templates/jk_uchroot.ini  |  8 ++++++++
 templates/jk_update.ini   |  1 -
 5 files changed, 28 insertions(+), 21 deletions(-)

diff --git a/tasks/jailkit.yml b/tasks/jailkit.yml
index c9d98fa..d3e4f8c 100644
--- a/tasks/jailkit.yml
+++ b/tasks/jailkit.yml
@@ -178,29 +178,18 @@
   when: username != tunnel_user_name and jailuser_init
   tags: 'always'
 
-- name: "Assign Jails To Users"
+- name: "Update config files"
   template:
-    src='jk_uchroot.ini'
-    dest='/etc/jailkit/jk_uchroot.ini'
-    owner=root
-    group=root
-    mode='644'
-
-- name: "Update Config"
-  template:
-    src='jk_update.ini'
-    dest='/etc/jailkit/jk_update.ini'
-    owner=root
-    group=root
-    mode='644'
-
-- name: "Socket Config"
-  template:
-    src='jk_socketd.ini'
-    dest='/etc/jailkit/jk_socketd.ini'
+    src='{{ item }}.ini'
+    dest='/etc/jailkit/{{ item }}.ini'
     owner=root
     group=root
     mode='644'
+  with_items:
+    - 'jk_chrootsh'
+    - 'jk_uchroot'
+    - 'jk_update'
+    - 'jk_socketd'
 
 - name: "Update Jails"
   include_tasks: updatejail.yml
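Review bot: The merged "Update config files" task passes its arguments as a folded `key=value` string under `template:`, so YAML linters cannot check the individual keys and the mode is written as `644` without the leading zero. Native mapping keys with `mode: '0644'` are easier to lint and review for files that decide who may enter which jail. The loop also starts deploying `jk_chrootsh.ini`, which none of the removed tasks managed; unless a task outside the hunk already did, a hand-edited copy on a host would be overwritten on the next run, which is worth a line in the commit description. The "Update Jails" task that follows continues outside the hunk.

```yaml
- name: "Update config files"
  template:
    src: '{{ item }}.ini'
    dest: '/etc/jailkit/{{ item }}.ini'
    owner: root
    group: root
    mode: '0644'
  # … unchanged: with_items list of the four jk_* files …
```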
diff --git a/tasks/updatejail.yml b/tasks/updatejail.yml
index f41ca91..7e279b7 100644
--- a/tasks/updatejail.yml
+++ b/tasks/updatejail.yml
@@ -17,3 +17,10 @@
   with_flattened:
     - '{{ admins }}'
     - '{{ jailusers }}'
+
+- name: "Set shell for crontabs"
+  cron:
+    name: 'SHELL'
+    env: yes
+    value: '/usr/sbin/jk_chrootsh'
+    user: '{{ drupal.jail.name }}'
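Review bot: The new "Set shell for crontabs" task reads `drupal.jail.name` with no `when:` guard, while the templates in this patch only emit entries where `item.jail is defined`. If updatejail.yml is ever included for a site without a jail (the include and its loop are outside the hunk), the task would fail on an undefined variable; `when: drupal.jail is defined` would match the templates. The `SHELL` line also lives in the site user's own crontab, so it presumably confines cron jobs only as long as that user cannot edit the crontab; a comment above the task should state that assumption. `env: yes` is better written `env: true`.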
diff --git a/templates/jk_chrootsh.ini b/templates/jk_chrootsh.ini
index c181b11..9c394d7 100644
--- a/templates/jk_chrootsh.ini
+++ b/templates/jk_chrootsh.ini
@@ -1,3 +1,7 @@
+[DEFAULT]
+skip_injail_passwd_check=1
+injail_shell=/bin/bash
+
 ## example for a user
 #[test]
 #env= DISPLAY, XAUTHORITY
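Review bot: Putting `skip_injail_passwd_check=1` and `injail_shell=/bin/bash` under `[DEFAULT]` applies them to every account that goes through jk_chrootsh, not only the site users named in the subject line. If only the Drupal site users need the relaxed check, per-user sections generated from `drupal_settings`, as this patch already does in jk_uchroot.ini, would keep the in-jail passwd check for everyone else. Either way, a comment above the setting such as `## passwd check skipped because <reason>` would record why it is off.

```ini
{% for item in drupal_settings|default([]) %}
{% if item.jail is defined %}
[{{ item.jail.name }}]
skip_injail_passwd_check=1
injail_shell=/bin/bash

{% endif %}
{% endfor %}
## … unchanged: commented example sections …
```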
@@ -5,4 +9,4 @@
 ##example for a group, there should be only 1 space inbetween the words!
 #[group users]
 #env = DISPLAY, XAUTHORITY
-#
\ No newline at end of file
+#
diff --git a/templates/jk_uchroot.ini b/templates/jk_uchroot.ini
index 8206931..3206137 100644
--- a/templates/jk_uchroot.ini
+++ b/templates/jk_uchroot.ini
@@ -1,3 +1,11 @@
+{% for item in drupal_settings|default([]) %}
+{% if item.jail is defined %}
+[{{ item.jail.name }}]
+allowed_jails = {{ jailroot }}/{{ item.jail.name }}
+skip_injail_passwd_check = 1
+
+{% endif %}
+{% endfor %}
 {% for admin in admins %}
 [{{ admin }}]
 allowed_jails ={% for item in drupal_settings|default([]) %}{% if item.jail is defined %} , {{ jailroot }}/{{ item.jail.name }}{% endif %}{% endfor %}
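Review bot: The new per-site sections are named `[{{ item.jail.name }}]`, and the admin loop right after them emits `[{{ admin }}]`, so a jail name that equals an admin name would produce two sections with the same header. It is not visible from here which `allowed_jails` value jk_uchroot would then apply. A guard such as `{% if item.jail is defined and item.jail.name not in admins %}` would avoid the collision, or a template comment could state that jail names and admin names must be disjoint. The admin loop continues outside the hunk.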
diff --git a/templates/jk_update.ini b/templates/jk_update.ini
index 0a6fa38..6bc7ec1 100644
--- a/templates/jk_update.ini
+++ b/templates/jk_update.ini
@@ -1,7 +1,6 @@
 {% for item in drupal_settings|default([]) %}
 {% if item.jail is defined %}
 [{{ jailroot }}/{{ item.jail.name }}]
-skips =
 hardlinks = 0
 directories = /bin, /dev, /etc, /home, /lib, /lib64, /opt, /usr
 
-- 
GitLab