This was done on Centos but I think it's easier on Debian machines, the paths that it is set to use are tailored towards Debian, so there is some fiddling that needs to be done on Centos.
This is for chrooting ssh, but jailkit has other uses than just SSH jails but I won't cover them in this writeup.
yum install jailkit
mkdir /home/jail
chown root:root /home/jail
jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp
You'll see a lot of text scrolling, basically it is copying all the executables and their dependencies to the chroot environment.
For more specialized setups/extra programs you can edit /etc/jailkit/jk_init.ini to enable or add more programs.
jk_jailuser -m -j /home/jail "testguy"
invalid shell, /home/jail/usr/sbin/jk_lsh does not exist
enter jail directory:
Fix the error with the following:
You need to copy "jk_lsh" and should have done it from the start (bad documentation)
jk_init -v -j /home/jail jk_lsh
Now you can add whatever use you want to the jail.
And just to confirm notice the changed /etc/passwd entry for testguy:
testguy:x:500:500::/home/jail/./home/testguy:/usr/sbin/jk_chrootsh
Set the shell you want for your user in /home/jail/etc/passwd
root:x:0:0:root:/root:/bin/bash
testguy:x:500:500::/home/testguy:/usr/sbin/jk_lsh
I don't know why "root" is there, I deleted that line. I also changed the shell for testguy to bash, and so my new file looks like:
testguy:x:500:500::/home/testguy:/bin/bash
jailkit, chroot, ssh, tutorial, errorthis, centos, debian, paths, tailored, fiddling, chrooting, jails, writeup, install, yum, mkdir, chown, enable, jailed, programs, users, jk_init, basicshell, editors, extendedshell, netutils, sftp, scp, ll, text, scrolling, copying, executables, dependencies, specialized, setups, edit, etc, ini, existing, user, jk_jailuser, quot, testguy, invalid, shell, usr, sbin, jk_lsh, directory, documentation, passwd, entry, jk_chrootsh, finalize, settings, bin, bash, deleted,