HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


redwiz 1st December 2011 14:36

bad permission creating shell user with rsa key
 
I don't know if this is the right forum to post in, but I think I discovered a bug in the shelluser creation procedure.

I downloaded and installed the latest ISPConfig version (no source modifications made).

If I try to create a shell user, both with or without chroot, and also provide a public RSA key, everything works fine: the user is created, and so are ~/.ssh and ~/.ssh/authorized_keys.

The problem is that ~/.ssh and ~/.ssh/authorized_keys are created owned by root, so I had to change the permissions manually to let ssh work for that user.

Taking a look inside the sources, I realized that in both

shelluser_jailkit_plugin.inc.php
and
shelluser_base_plugin.inc.php

the line that is supposed to set the right owner
(at the very end of the files)

exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);


is commented out.

Am I right, or am I missing something?

Thanks in advance for any answers.

Andrea Consigli

till 1st December 2011 18:02

The chown command is commented out as it destroyed the jail for every shell user. I guess we will have to add a selective chown for the .ssh subdirectory then.

redwiz 1st December 2011 18:26

Quote:

Originally Posted by till (Post 268641)
The chown command is commented out as it destroyed the jail for every shell user. I guess we will have to add a selective chown for the .ssh subdirectory then.


First of all, thanks for the reply.

So you mean that the function is currently not working properly, and it is not my bad usage.
Unfortunately I don't know how jailkit works, so I didn't understand what you mean by:
"it destroyed the jail for every shell user".

What exactly happens after that chown?

Finally, if you want to tell me how the problem can be fixed, I can write a patch and send it back to you once finished.

Thanks

Andrea Consigli

till 2nd December 2011 12:00

Quote:

What exactly happens after that chown?
All files are owned by the wrong user. In a jail, several files have to be owned by the root user and not the jailed shell user, and that chown command changed all files to the shell user, which destroyed the jail.

The fix will most likely be to add the following code where the two commented out chown lines are:

Code:

exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir.'/home/'.escapeshellcmd($this->data['new']['puser']).'/.ssh');
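
The selective ownership fix discussed in this thread, written out as a shell function. This is an added example, not part of any post above and not ISPConfig code. It assumes the `<jail_root>/home/<user>/.ssh` layout used in the proposed line; the function name `fix_ssh_ownership`, the user-name and symlink checks, and the 700/600 modes are choices made for this example.

```shell
#!/bin/sh
# Added example (not ISPConfig code): give a jailed shell user ownership of
# its own .ssh directory only, leaving the root-owned jail files untouched.
# Assumed layout, taken from the thread: <jail_root>/home/<user>/.ssh

fix_ssh_ownership() {
    jail_root=$1 user=$2 group=$3

    # The user name becomes a path component: refuse anything that could
    # point outside <jail_root>/home/ or be read as an option.
    case "$user" in
        ''|*/*|.|..|-*) echo "invalid user name: $user" >&2; return 2 ;;
    esac

    ssh_dir="$jail_root/home/$user/.ssh"

    # A symlinked .ssh would redirect the recursive chown to another tree.
    if [ -L "$ssh_dir" ] || [ ! -d "$ssh_dir" ]; then
        echo "not a real directory: $ssh_dir" >&2
        return 1
    fi

    # -h: change symlinks themselves, never the files they point to.
    chown -Rh -- "$user:$group" "$ssh_dir" || return 1

    # Conventional OpenSSH modes (an assumption of this example).
    chmod 700 "$ssh_dir" || return 1
    if [ -f "$ssh_dir/authorized_keys" ]; then
        chmod 600 "$ssh_dir/authorized_keys" || return 1
    fi
    return 0
}

# Stand-alone use: fix_ssh_ownership.sh <jail_root> <user> <group>
if [ $# -eq 3 ]; then
    fix_ssh_ownership "$@"
fi
```

Files outside `.ssh`, such as the jail's own `etc` tree, keep their existing owner and mode, which is the property the recursive chown on the whole jail broke.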

