Drush in Jail Shell

I am not a drupal expert.
We got a request from a customer today asking to install drush in a jailed shell so that the user would only be able to run drush, but use it to do everything. Or at least this is how I understood the task.

Installing drush on CentOS (as root):

yum install php-pear
pear channel-discover pear.drush.org
pear install drush/drush

Do I need jailkit?
Here’s how to install jailkit:

yum install gcc make
wget -c http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.bz2
tar xf jailkit-*.tar.bz2
cd jailkit-*
make install

The jailkit configuration files are in /etc/jailkit/

Jailing drush is in fact about jailing php-cli (or just php depending on your distro).

Turns out no scripts are needed (other than jailkit). I added the following to /etc/jailkit/jk_init.ini

comment = PHP and libs
paths = php
users = root, www-data, phpjtest
groups = root, www-data

comment = Drupal Shell
paths = /usr/bin/drush, /usr/share/drush, /etc/drush
includesections = php

And ran:

mkdir /srv/jail
chown root:root /srv/jail
chmod 0755 /srv/jail
jk_init -j /srv/jail jk_lsh
jk_init -j /srv/jail drush
adduser phpjtest
jk_jailuser -v -m -j /srv/jail phpjtest

Now to setup the drush alias:

mkdir ~/.drush/ # if not already there
vi ~/.drush/aliases.drushrc.php

with the following contents:

  'root' => '/var/www/example.com',
  'remote-host' => 'remote.host.ip.or.name',
  'remote-user' => 'phpjtest',

Next, set up a passwordless login to the remote server using:

# this is done on the client side (home pc)
ssh-keygen -t rsa
ssh-copy-id phpjtest@remote.host.ip.or.name 

And you should be able to run drush commands from the local machine using:
drush @remote1 status

Going to test this shortly…

Similar Posts:

Tagged , , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *