hestiacp/install/common/jailkit/jk_init.ini

[uidbasics]
# this section probably needs adjustment on 64bit systems
# or non-Linux systems
comment = common files for all jails that need user/group information
paths = /lib/libnsl.so.*, /lib64/libnsl.so.*, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.*, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.*, /lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.*, /etc/nsswitch.conf, /etc/ld.so.conf
# Solaris needs
# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf

[netbasics]
comment = common files for all jails that need any internet connectivity
paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services, /etc/ssl/certs/, /usr/lib/ssl/certs
# on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure

[logbasics]
comment = timezone information and log sockets
paths = /etc/localtime
need_logsocket = 1
# Solaris does not need logsocket
# but needs
# devices = /dev/log, /dev/conslog

[jk_lsh]
comment = Jailkit limited shell
paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
users = root
groups = root
includesections = uidbasics, logbasics

[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh

[cvs]
comment = Concurrent Versions System
paths = cvs
devices = /dev/null

[git]
comment = Fast Version Control System
paths = /usr/bin/git*, /usr/lib/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
includesections = editors, perl

[scp]
comment = ssh secure copy
paths = scp
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null

[sftp]
comment = ssh secure ftp
paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null
# on solaris
#paths = /usr/lib/ssh/sftp-server

[ssh]
comment = ssh secure shell
paths = ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty, /dev/null

[rsync]
paths = rsync
includesections = netbasics, uidbasics

[procmail]
comment = procmail mail delivery
paths = procmail, /bin/sh
devices = /dev/null

[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, groups, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, unzip, zcat, zip, zstd, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
users = root
groups = root
includesections = uidbasics

[interactiveshell]
comment = for ssh access to a full shell
includesections = uidbasics, basicshell, terminfo, editors, extendedshell

[midnightcommander]
comment = Midnight Commander
paths = mc, mcedit, mcview, /usr/share/mc
includesections = basicshell, terminfo

[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
includesections = basicshell, midnightcommander, editors

[terminfo]
comment = terminfo databases, required for example for ncurses or vim
paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo

[editors]
comment = vim, joe and nano
includesections = terminfo
paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim

[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
paths = wget, lynx, ftp, host, rsync, smbclient
includesections = netbasics, ssh, sftp, scp

[apacheutils]
comment = htpasswd utility
paths = htpasswd

[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils

[openvpn]
comment = jail for the openvpn daemon
paths = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
#includesections = netbasics
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1

[apache]
comment = the apache webserver, very basic setup, probably too limited for you
paths = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

[perl]
comment = the perl interpreter and libraries
paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

[xauth]
comment = getting X authentication to work
paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

[xclients]
comment = minimal files for X clients
paths = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth

[vncserver]
comment = the VNC server program
paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
includesections = xclients

[ping]
comment = Ping program
paths_w_setuid = /bin/ping

#[xterm]
#comment = xterm
#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4

# Hestia Jail Settings
[node]
comment = NodeJS
paths = npm, npx, node, nodejs, /usr/lib/nodejs, /usr/share/nodejs, /usr/share/npm, /usr/lib/node_modules, /usr/local/lib/nodejs, /usr/local/lib/node_modules

[env]
comment = environment variables
executables = /usr/bin/env

# The default version Hestia installs is 8.2 use this as the common PHP version
[php]
comment = default php version and libraries
paths = /usr/bin/php
includesections = php_common, php8.2

[php_common]
comment = common php directories and libraries
# Careful!
# Make sure not to add the upper /etc/php/ or /etc/php/fpm directories.
# theses are unneeded in the jails and adding them can potentially leak
# custom server settings to the customers.
paths = /usr/bin/php, /usr/lib/php/, /usr/share/php/, /usr/share/zoneinfo/
includesections = env, logbasics, netbasics

[php5_6]
comment = php version 5.6
paths = /usr/bin/php5.6, /usr/lib/php/5.6/, /usr/lib/php/20131226/, /usr/share/php/5.6/, /etc/php/5.6/cli/, /etc/php/5.6/mods-available/
includesections = php_common

[php7_0]
comment = php version 7.0
paths = /usr/bin/php7.0, /usr/lib/php/7.0/, /usr/lib/php/20151012/, /usr/share/php/7.0/, /etc/php/7.0/cli/, /etc/php/7.0/mods-available/
includesections = php_common

[php7_1]
comment = php version 7.1
paths = /usr/bin/php7.1, /usr/lib/php/7.1/, /usr/lib/php/20160303/, /usr/share/php/7.1/, /etc/php/7.1/cli/, /etc/php/7.1/mods-available/
includesections = php_common

[php7_2]
comment = php version 7.2
paths = /usr/bin/php7.2, /usr/lib/php/7.2/, /usr/lib/php/20170718/, /usr/share/php/7.2/, /etc/php/7.2/cli/, /etc/php/7.2/mods-available/
includesections = php_common

[php7_3]
comment = php version 7.3
paths = /usr/bin/php7.3, /usr/lib/php/7.3/, /usr/lib/php/20180731/, /usr/share/php/7.3/, /etc/php/7.3/cli/, /etc/php/7.3/mods-available/
includesections = php_common

[php7_4]
comment = php version 7.4
paths = /usr/bin/php7.4, /usr/lib/php/7.4/, /usr/lib/php/20190902/, /usr/share/php/7.4/, /etc/php/7.4/cli/, /etc/php/7.4/mods-available/
includesections = php_common

[php8_0]
comment = php version 8.0
paths = /usr/bin/php8.0, /usr/lib/php/8.0/, /usr/lib/php/20200930/, /usr/share/php/8.0/, /etc/php/8.0/cli/, /etc/php/8.0/mods-available/
includesections = php_common

[php8_1]
comment = php version 8.1
paths = /usr/bin/php8.1, /usr/lib/php/8.1/, /usr/lib/php/20210902/, /usr/share/php/8.1/, /etc/php/8.1/cli/, /etc/php/8.1/mods-available/
includesections = php_common

[php8_2]
comment = php version 8.2
paths = /usr/bin/php8.2, /usr/lib/php/8.2/, /usr/lib/php/20220829/, /usr/share/php/8.2/, /etc/php/8.2/cli/, /etc/php/8.2/mods-available/
includesections = php_common