In order to allow users of Jailed shells to access additional directories one has to create a custom jailed shell mount. The following document outlines the process to be followed in order to create such a custom mount, thereby enabling access for the jailed shell users.
To create a custom mount enabling the users of jailed shells to access any additional directories, one has to follow and execute the steps outlined below:
One should not append a trailing slash to the directory names or use relative paths in listing them. For instance, if one wishes to specify the /usr/local/test1 directory, then one should not enter the directory name in the list in any of the following ways:
test1/ – for this entry contains a trailing slash after the directory name and would indicate it being a relative directory.
test1 – for this entry would indicate it to be a relative directory.
/usr/local/test1/ – for this entry contains again, a trailing slash.
/usr/local/test1 /usr/local/test2 /usr/local/test3 – for this entry is not listed on separate lines, but on the same line.
This is significant as failing to correctly format the directories in the /var/cpanel/jailshell-additional-mounts might result in a server failure.
It has to be kept in mind that custom mounts are read-only files for jailed shell users.
To unmount a custom one has to run or use the ‘unmount’ command and not merely remove an entry from the /var/cpanel/jailshell-additional-mounts file.
For instance, in order to unmount the /usr/local/foo one has to run the following command:
It is important to remember that if and when a user logs out of the jailed shell account, the system does not unmount custom mounts.
One should replace the username with that of the particular cPanel user.
The given document then details the lucid process to be followed in order to grant jailed shell users access to additional directories. Further, It also provides the information necessary to undo the process if required.