HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   creating a jailkit user fails (http://www.howtoforge.com/forums/showthread.php?t=53815)

Justin Albstmeijer 17th August 2011 18:54

creating a jailkit user fails
 
Hi,

When creating a jailkit user, I cannot login.
If I check the /etc/passwd entries the user has not been given the correct shell.

web283:x:5123:5043::/var/clients/client30/web123/./home/web123:/bin/false
random.com:x:5123:5043::/var/clients/client12/web123/./home/random.com:/bin/false

created two more accounts with the same result.

here the create log of the initial creation

17.08.2011-12:14 - DEBUG - Found 1 changes, starting update process.
17.08.2011-12:14 - DEBUG - Replicated from master: REPLACE INTO shell_user (`shell_user_id`,`sys_userid`,`sys_groupid`,`sys_p erm_user`,`sys_perm_group`,`sys_perm_other`,`serve r_id`,`parent_domain_id`,`username`,`password`,`qu ota_size`,`active`,`puser`,`pgroup`,`shell`,`dir`, `chroot`) VALUES ('179','32','32','riud','riud','','10','283','rand om.com','$1$it2Sirq4$Ymomt.K6123456twxOCXL.','-1','y','web123','client12','/bin/bash','/var/clients/client12/web123','jailkit')
17.08.2011-12:14 - DEBUG - Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
17.08.2011-12:14 - DEBUG - Executed command: useradd -d /var/clients/client12/web123 -g client12 -o -p \$1\$it2Sirq4\$Ymomt.K6123456twxOCXL. -s /bin/bash -u 5123 random.com
17.08.2011-12:14 - DEBUG - Added shelluser: random.com
17.08.2011-12:14 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L random.com
17.08.2011-12:14 - DEBUG - Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
17.08.2011-12:14 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/clients/client12/web123 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
17.08.2011-12:14 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/clients/client12/web123 '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
17.08.2011-12:14 - DEBUG - Added bashrc scrpt : /var/clients/client12/web123/etc/bash.bashrc
17.08.2011-12:14 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh random.com /var/clients/client12/web123 /home/random.com /bin/bash web123 /home/web123
17.08.2011-12:14 - DEBUG - Added created jailkit user home in : /var/clients/client12/web123/home/random.com
17.08.2011-12:14 - DEBUG - Added created jailkit parent user home in : /var/clients/client12/web123/home/web123
17.08.2011-12:14 - DEBUG - Jailkit Plugin -> insert username:random.com
17.08.2011-12:14 - DEBUG - Processed datalog_id 21819
17.08.2011-12:14 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
17.08.2011-12:15 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

editing the account, in this case by changing the quote of the shell user, the shell gets fixed and I can log in.

web123:x:5123:5043::/var/clients/client12/web123/./home/web123:/bin/false
random.com:x:5123:5043::/var/clients/client12/web123/./home/random.com:/usr/sbin/jk_chrootsh

here the log of the quota change.

17.08.2011-16:32 - DEBUG - Replicated from master: REPLACE INTO shell_user (`shell_user_id`,`sys_userid`,`sys_groupid`,`sys_p erm_user`,`sys_perm_group`,`sys_perm_other`,`serve r_id`,`parent_domain_id`,`username`,`password`,`qu ota_size`,`active`,`puser`,`pgroup`,`shell`,`dir`, `chroot`) VALUES ('179','32','32','riud','riud','','10','123','rand om.com','$1$it2Sirq4$Ymomt.K6123456twxOCXL.','1',' y','web123','client12','/bin/bash','/var/clients/client12/web123','jailkit')
17.08.2011-16:32 - DEBUG - Calling function 'update' from plugin 'shelluser_base_plugin' raised by event 'shell_user_update'.
17.08.2011-16:32 - DEBUG - Executed command: usermod --home /var/clients/client12/web123 --gid client12 --password \$1\$it2Sirq4\$Ymomt.K6123456twxOCXL. --login random.com random.com
17.08.2011-16:32 - DEBUG - Updated shelluser: random.com
17.08.2011-16:32 - DEBUG - Calling function 'update' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_update'.
17.08.2011-16:32 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/clients/client12/web123 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
17.08.2011-16:32 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/clients/client12/web123 '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
17.08.2011-16:32 - DEBUG - Added bashrc scrpt : /var/clients/client12/web123/etc/bash.bashrc
17.08.2011-16:32 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh random.com /var/clients/client12/web123 /home/random.com /bin/bash web123 /home/web123
17.08.2011-16:32 - DEBUG - Added created jailkit user home in : /var/clients/client12/web123/home/random.com
17.08.2011-16:32 - DEBUG - Added created jailkit parent user home in : /var/clients/client12/web123/home/web123
17.08.2011-16:32 - DEBUG - Jailkit Plugin -> update username:random.com
17.08.2011-16:32 - DEBUG - Processed datalog_id 21824
17.08.2011-16:32 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

I have seen this issue with previous versions too.

Justin

Justin Albstmeijer 17th August 2011 22:36

Background info, I'm running ispconfig-3.0.3.3 on centos-5.

I see shelluser_base_plugin.inc.php disabling the account and setting the shell to /bin/false

Disabling shelluser temporarily: usermod -s /bin/false -L random.com

I see shelluser_jailkit_plugin.inc.php unlocking the account but not restoring the /usr/sbin/jk_chrootsh shell.

till 18th August 2011 11:23

You are right, the command to unlock the account has to be:

$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);

Originally we used only -L and -U without changing the shell, but this did not work reliably. I've restored your bugtracker report.

corpus 26th August 2011 15:18

same problem here
 
Same problem here with shell user
from ispconfig log
Code:

2011-08-26 16:11        server1.uk.com        Debug        Processed datalog_id 91       
2011-08-26 16:11        server1.uk.com        Debug        Jailkit Plugin -> insert username:newuser       
2011-08-26 16:11        server1.uk.com        Debug        exec: chown root:root /var/www/clients/client3/web1       
2011-08-26 16:11        server1.uk.com        Debug        exec: chmod 755 /var/www/clients/client3/web1       
2011-08-26 16:11        server1.uk.com        Debug        Added created jailkit parent user home in : /var/www/clients/client3/web1/home/web1       
2011-08-26 16:11        server1.uk.com        Debug        Added created jailkit user home in : /var/www/clients/client3/web1/home/newuser       
2011-08-26 16:11        server1.uk.com        Debug        Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh newuser /var/www/clients/client3/web1 /home/newuser /bin/bash web1 /home/web1       
2011-08-26 16:11        server1.uk.com        Debug        exec: chown root:root /var/www/clients/client3/web1       
2011-08-26 16:11        server1.uk.com        Debug        exec: chmod 755 /var/www/clients/client3/web1       
2011-08-26 16:11        server1.uk.com        Debug        Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.       
2011-08-26 16:11        server1.uk.com        Debug        Disabling shelluser temporarily: usermod -s /bin/false -L newuser       
2011-08-26 16:11        server1.uk.com        Debug        Added shelluser: newuser       
2011-08-26 16:11        server1.uk.com        Debug        Executed command: useradd -d /var/www/clients/client3/web1 -g client3 -o -p $1$TzB4veZV$D.zUaVx3QmNTAz.0016ZJ1 -s /bin/bash -u 5004 newuser       
2011-08-26 16:11        server1.uk.com        Debug        Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.

shell user disconnects automatically upon login
from /etc/passwd
Code:

newuser:x:5004:5005::/var/www/clients/client3/web1:/bin/false
Any help ?
Thank you

corpus 26th August 2011 16:02

if i understand the topic i have to do :
vim /usr/local/ispconfig/server/plugins-available/shelluser_base_plugin.inc.php
comment out line 100
Code:

//* $command = 'usermod -s /bin/false -L '.escapeshellcmd($data['new']['username']);
and make it
Code:

$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
after this i created a new user
got logged in this time
but the user is not jailed
the new user has bash in /etc/passwd
second:x:5004:5005::/var/www/clients/client3/web1:/bin/bash
any solution?

corpus 30th August 2011 17:02

solution
 
Ok. To help some noobs ;) like me with similar probs.
In fresh debian 6 perfect server setup with jailkit 2.13 i had to create 2 jailed users with ispconfig for 2 websites.
With the first user1 created and he was jailed and all ok.
user2 created but not jailed.
I was taking a look tin /etc/passwd and saw this (user1 is the owner of web2)

Code:

web1:x:5004:5005::/var/www/clients/client2/web1:/bin/false
web2:x:5005:5006::/var/www/clients/client1/web2/./home/web2:/bin/false
user2:x:5004:5005::/var/www/clients/client2/web1:/bin/bash
user1:x:5005:5006::/var/www/clients/client1/web2/./home/user1:/usr/sbin/jk_chrootsh

user2 has not jk_chrootsh shell and a wrong homedir
so i modified manually to

Code:

web1:x:5004:5005::/var/www/clients/client2/web1/./home/web1:/bin/false
web2:x:5005:5006::/var/www/clients/client1/web2/./home/web2:/bin/false
user2:x:5004:5005::/var/www/clients/client2/web1/./home/user2:/usr/sbin/jk_chrootsh
user1:x:5005:5006::/var/www/clients/client1/web2/./home/user1:/usr/sbin/jk_chrootsh

and all worked fine
if you want test it
thanks


All times are GMT +2. The time now is 16:09.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.