I am not a drupal expert.
We got a request from a customer today asking to install drush in a jailed shell so that the user would only be able to run drush, but use it to do everything. Or at least this is how I understood the task.
Installing drush on CentOS (as root):
yum install php-pear pear channel-discover pear.drush.org pear install drush/drush
Do I need jailkit?
Here’s how to install jailkit:
yum install gcc make wget -c http://olivier.sessink.nl/jailkit/jailkit-2.15.tar.bz2 tar xf jailkit-*.tar.bz2 cd jailkit-* ./configure make make install
The jailkit configuration files are in /etc/jailkit/
Jailing drush is in fact about jailing php-cli (or just php depending on your distro).
Turns out no scripts are needed (other than jailkit). I added the following to /etc/jailkit/jk_init.ini
comment = PHP and libs paths = php users = root, www-data, phpjtest groups = root, www-data [drush] comment = Drupal Shell paths = /usr/bin/drush, /usr/share/drush, /etc/drush includesections = php
mkdir /srv/jail chown root:root /srv/jail chmod 0755 /srv/jail jk_init -j /srv/jail jk_lsh jk_init -j /srv/jail drush adduser phpjtest jk_jailuser -v -m -j /srv/jail phpjtest
Now to setup the drush alias:
mkdir ~/.drush/ # if not already there vi ~/.drush/aliases.drushrc.php
with the following contents:
'stage.example.com', 'root' => '/var/www/example.com', 'remote-host' => 'remote.host.ip.or.name', 'remote-user' => 'phpjtest', ); ?>
Next, set up a passwordless login to the remote server using:
# this is done on the client side (home pc) ssh-keygen -t rsa ssh-copy-id firstname.lastname@example.org
And you should be able to run drush commands from the local machine using:
drush @remote1 status
Going to test this shortly…