Jailed Shell or VirtFS is a paravirtualized filesystem based on the VirtIO framework often used by Shared Servers to protect the other users. We talked briefly about paravirtualization, KVM here is Kernel Based Virtual Machine (there is another KVM – which is a switch), SSH to Shared Hosting Server etcetera topics. Jailed Shell is a wider topic which includes a rightly defined, protocol based technology – VirtFS. There can be other software based method to softly restrict the user’s privileges. Most good shared web hosts at the time of writing uses OpenStack cloud based multi tenant system instead of older ways to provide a shared hosting account.
Basics of VirtFS or Jailed Shell
When we are mentioning Jailed Shell, within this article it means that we are talking about VirtFS. Closed Source web hosting panel can use different methods, usually they are not standardized methods to implement Jailed Shell – the phrase is used loosely what literally it means – a jailed shell environment, a SSH session with restricted privileges. Also, there is a software package named jailkit (for Linux and UNIX). cPanel mentions VirtFS as Jailed Shell :
1 | http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/VirtFS |
VirtFS provides a jailed shell environment for a user connected to a server via SSH. Unlike a normal shell environment, a jailed shell environment prevents access to data outside of the user’s home directory, increasing security for shell account users. You will have no access to any system or server files; only to your own directory.
Jailkit is a software package as we have mentioned :
1 | http://olivier.sessink.nl/jailkit/ |
---
The later is also known as chroot jail :
1 | http://olivier.sessink.nl/jailkit/howtos_chroot_shell.html |
Basically, tests like Blue Pill test can detect the virtualization instance. Our VirtFS or Jailed Shell uses a defined protocol named 9P.
The kernel component of KVM is included in mainline Linux, as of 2.6.20. 9P (or the Plan 9 Filesystem Protocol or Styx) is a network protocol developed for the Plan 9 from Bell Labs distributed operating system. Plan 9 from User Space (or p9p) is a port of Plan 9 from Bell Labs libraries and applications to Unix-like operating systems. Currently it has been tested on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD etceteras operating systems. FreeBSD jail mechanism is an implementation of operating system-level virtualization. Operating system“level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user space instances, such instances are called containers or virtual private servers (VPS) depending upon the implementation.
Normal Shell versus Jailed Shell
A normal shell environment gives an user the full access to the file system and server environment. Jailed Shell is a way to prevent users doing any more accidental damage than they might with a full shell account. Today basically a shared server is rarely used by the advanced users as there are less costly options like PaaS.
Author discourages to use the word Jail
Author discourages to use the word Jail in conduction with free software. As we are thinking about Restorative justice, we possibly should avoid the colonial phrases. We were talking about VirtFS.
