I have the following task to give a (non-privileged) user ssh access to our server, so that he can create, modify and delete kopano accounts on his own via the command line interface tools. But the constraint is, that this user should have no access to other areas of the server and should stay in his home folder at best.
First of all I thought, I could create a chroot environment. I copied the binary and the libs (according to ldd) to the respective folders, but it’s not working (executed in the chroot environment):
$ kopano-admin kopano-admin: /usr/lib/libkcssl.so.0: version 'KC_8.5.6' not found (required by kopano-admin) /usr/sbin/kopano-admin: /usr/lib/libkcarchiver.so.0: version 'KC_8.5.6' not found (required by /usr/sbin/kopano-admin) #... $ ll /usr/lib/libkcssl.so.0 lrwxrwxrwx 1 0 0 17 Sep 3 13:08 /usr/lib/libkcssl.so.0 -> libkcssl.so.0.0.0 $ ll /usr/lib/libkcssl.so.0.0.0 -rw-r--r-- 1 0 0 39984 Sep 4 13:57 /usr/lib/libkcssl.so.0.0.0
So is the chroot jail a possible solution at all? Are there any better options for the task?
The server is running under Ubuntu 16.04. with the db_plugin. Switching to LDAP is not an option.