Jailed shell
A jailed shell is a command shell on a computer system that exists on an isolated subset of the larger system. In essence, it provides a "system within a system," which protects the containing system from being adversely affected by anything that occurs in the subsystem. Users in the jail have restricted access to system tools and resources and cannot "break out" into the larger system.
Chroot jail
A chroot jail is one type of jailed shell, which effectively creates a new system root at the root of the jail. Chroot was created in the late 1970s to create safe testing environments on Unix systems. It has many uses in modern systems, including protecting a networked system from hackers and creating an isolated environment intentionally exposed to viruses and malware.
Other types of jails
- An SSH jail, which creates a jailed environment for users who log into a system remotely via SSH (secure shell).
- An SFTP jail, which creates a jailed environment for file transfers using SFTP (secure file transfer protocol).
- A mail jail, which provides mail services for users within a jailed environment, protecting it from malicious software that might enter the system through e-mail processing.
Jail shell tools
Tools that help you create a jailed shell include the jailkit utility, available on many Unix-like operating systems such as Linux, OpenBSD, FreeBSD, and macOS.