HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Norman 17th May 2006 20:54

Chroot SSH + ISPConfig
 
Does anyone have any tutorial for this? Is it possible and relatively easy to do without breaking the system for current ISPconfig users?

jameso 12th February 2007 14:03

I am also interested in information on how to do this.

Does anyone have any information on how to do this without affecting ISPConfig?

Thanks.

falko 13th February 2007 17:24

Take a look here: http://www.howtoforge.com/forums/sho...+ssh+ispconfig

jameso 5th March 2007 07:31

Hi falko,

Thanks for your reply, however that howto talks about the chroot limiting users to /home/chroot.

I wish to be able to set up my server so that when each ISPconfig user logs in, they are limited to their /var/www/webx/ directory, and cannot go outside of this. Obviously the root account should be able to go anywhere.

Any hints?

Thanks.

till 5th March 2007 08:49

Please install the chroot as described in the howto that falko posted. The setup is the same if you want to chroot to /home/chroot or to the user directories in ISPConfig. Then enable chrooting in ISPConfig in the file /home/admispconfig/ispconfig/config.inc.php

By the way, you will find many posts that tell you the same when you search the forum for the word chroot ;)

jonwatson 9th March 2007 18:24

Hello,

I've just discovered that my shell users aren't chrooted. Yikes!

Anyhow, I followed the Howto that Falko pointed to and all seemed to go well, but I'm not getting the desired behaviour. None of my users can log in - they are all greeted with a /bin/bash file or directory does not exist error when they try to log in.

I have enabled the chroot option in config.inc.php and bash does exist in /chroot/home/bin.

I have restarted both ssh and ispconfig_server.

My users from /etc/passwd look like this:

Code:

test.domain:x:1008:1013:test:/var/www/web13/user/test.domain/./:/bin/bash

which looks right to me in that the '.' appears in the right place. I'm not sure why ISPConfig is putting a :/bin/bash after it, though, but I'm no chroot expert by any means so that may be correct.

The user in question has the shell access option checked under his user settings and the web in question has shell access enabled as well.

Any idea where I'm going wrong?

Thanks!

Edit: ISPConfig 2.2.11

jonwatson 10th March 2007 18:02

Hate to be a bumper, but can anyone help me troubleshoot this issue?

Thanks!



till 11th March 2007 12:14

Only new users are chrooted or users that have been edited. You must also make sure that you really enabled chrooting in the config.inc.php file.

jonwatson 11th March 2007 17:33

Quote:

Originally Posted by till
Only new users are chrooted or users that have been edited. You must also make sure that you really enabled chrooting in the config.inc.php file.

config.inc.php:

Code:

$go_info["server"]["ssh_chroot"] = 1;

As posted, a typical new or edited user looks like:

Code:

test.domain:x:1008:1013:test:/var/www/web13/user/test.domain/./:/bin/bash

Yet, when this user attempts to log in, he is punted with a:

Code:

/bin/bash: No such file or directory

error.

Code:

hyperion:/home/chroot/bin# pwd
/home/chroot/bin
hyperion:/home/chroot/bin# ls -al
total 868
drwxr-sr-x  2 root staff  4096 Mar  9 10:11 .
drwxr-sr-x  8 root staff  4096 Mar  9 10:10 ..
-rwxr-xr-x  1 root staff 625228 Mar  9 10:11 bash
-rwxr-xr-x  1 root staff  75948 Mar  9 10:11 ls
-rwxr-xr-x  1 root staff  20888 Mar  9 10:11 mkdir
-rwxr-xr-x  1 root staff  55340 Mar  9 10:11 mv
-rwsr-xr-x  1 root staff  30764 Mar  9 10:11 ping
-rwxr-xr-x  1 root staff  13848 Mar  9 10:11 pwd
-rwxr-xr-x  1 root staff  30712 Mar  9 10:11 rm

Each chrooted user's home directory contains the same files as listed above. That all looks right, but the user cannot find bash when he logs in.

I am kind of confused about the use of the chrooted /etc/passwd and group files. ISPConfig doesn't update them when I create or edit new users, rather it updates the system proper /etc/passwd and group files. Is that correct behaviour?

Thanks!

till 11th March 2007 17:58

The directory /home/chroot/bin is not of interest for ISPConfig, as the users were chrooted to their home directory which is not /home/chroot/.

Please post ls -la from the home directory of one of the users.

Quote:

I am kind of confused about the use of the chrooted /etc/passwd and group files. ISPConfig doesn't update them when I create or edit new users, rather it updates the system proper /etc/passwd and group files. Is that correct behaviour?

Yes. Because other users that you edit are not of interest for this chroot environment.
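
Added example (not part of the thread and not ISPConfig's own code): a shell check for the login failure discussed above. It assumes the chroot-patched sshd uses the part of the passwd home field before `/./` as the jail root, and reports whether the login shell and the libraries `ldd` lists for it exist inside that jail; `check_entry`, its verdict strings and the optional prefix argument are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the chroot-patched sshd
# uses the part of the passwd home field before "/./" as the jail root.

# The passwd entry quoted in the thread.
SAMPLE='test.domain:x:1008:1013:test:/var/www/web13/user/test.domain/./:/bin/bash'

# Print the jail root of one passwd line; fail if the home has no "/./".
jail_root() {
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    case "$home" in
        */./*) printf '%s\n' "${home%%/./*}" ;;
        *) return 1 ;;
    esac
}

# missing_libs JAIL SHELL: print every library path reported by "ldd SHELL"
# that is absent under JAIL. ldd is run on the host's own copy of the shell.
missing_libs() {
    ldd "$2" 2>/dev/null |
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
    while read -r lib; do
        [ -e "$1$lib" ] || printf '%s\n' "$lib"
    done
}

# check_entry PASSWD_LINE [PREFIX]: print a one-word verdict.
# PREFIX is a hypothetical hook that relocates the jail for dry runs.
check_entry() {
    root=$(jail_root "$1") || { echo not-chrooted; return 0; }
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    jail="${2:-}$root"
    if [ ! -x "$jail$shell" ]; then
        echo shell-missing
    elif [ -n "$(missing_libs "$jail" "$shell")" ]; then
        echo libs-missing
    else
        echo ok
    fi
}

# Verdict for the thread's entry on the machine this runs on.
check_entry "$SAMPLE"
```

Both `shell-missing` and `libs-missing` correspond to the `/bin/bash: No such file or directory` message, because the kernel returns the same error whether the binary itself or its dynamic loader is absent from the jail.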

