HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Developers' Forum (http://www.howtoforge.com/forums/forumdisplay.php?f=33)
-   -   Jailkit Problems (http://www.howtoforge.com/forums/showthread.php?t=57185)

halsafar 4th May 2012 19:39

Jailkit Problems
 
*Please move to appropriate category*

Followed perfect server configuration on Ubuntu 12.04 every step of the way in the exact order. Everything was fine up until attempting to setup shell users in ISPConfig that are jailed.

Making a post with some solutions as Google lacks good help in this area.

Problem: namespace resolution and cannot scp/sftp
- Jailed users could not perform name resolution (errors with wget for example)
- Jailed users could not use scp (unknown user $uid)
Solution to both (replace # with your client and site numbers):
Code:

cp /lib/x86_64-linux-gnu/libnss_* /var/www/clients/client#/web#/lib/x86_64-linux-gnu/
Permanent solution likely involves a fix in /etc/jailkit/jk_init.ini. The paths it contains are wrong for some of the libs and it does not list all the necessary libs.
Problem: nano, pico "Error opening terminal: xterm"
- likely caused because xterm libraries are missing
- you maybe don't want xterm as your choice
Solution:
Still trying to fix this one

Steveorevo 29th June 2012 21:30

I'm wondering if I'm having the same problem. While jailkit ssh sessions work find on the command line, using any type of highlevel client simply doesn't work (MacFusion, Coda, Cyberduck, Dreamweaver, etc.).

I suspect it is because scp is broken and this solution requires a manual for every client that gets created? Trying to find a fix...

Steveorevo 30th June 2012 09:41

Jailkit appears to be half baked. Core libraries are missing since Ubuntu now implements the /lib/x86_64-linux-gnu subfolder. I was able to resolve this by creating aliases for select components to the sub folder. I did this prior to installing ISPConfig and it appears to have resolved my issues of scp/sftp (allowing Dreamweaver, Coda, Macfusion, clients to connect with jailkit, etc.). I'm not sure if this is the appropriate way to do this, but here is how:

cp -s /lib/x86-linux-gnu/libnss_* /lib/

till 2nd July 2012 10:04

Quote:

Jailkit appears to be half baked.
Not at all. The jailis fully configurable. You can configure it in jailkit if you need additional software or if you want to copy additional directores when the jail is created. Please take a look at the jailkit documnetation, the available config files and options are explained there.

http://olivier.sessink.nl/jailkit/

Steveorevo 2nd July 2012 10:17

Sorry. I should clarify; Jailkit does not work by default like it did on Ubuntu 10.04 LTS because Ubuntu's introduction of the subfolder in 12.04 LTS. While you can ssh and do something as trivial as ls, you cannot use it for SFTP, you cannot use it for commands such as scp, nor can you use it for commands like wget. No IDEs or transport programs will work with it 'out of the box'. No Netbeans, no eclipse, no Dreamweaver, Coda, PHPEd, no Cyberduck, no Macfusion, ...

However, you can fix this by using the command above to restore symbolic links to the needed libraries to use Jailkit in the most common manner for web purposes: data i/o.

till 2nd July 2012 10:36

What you did with the command above con be configured in the jailkit config files. Why do you run this command manually if you can just configure it in the jailkit config files?

Quote:

No IDEs or transport programs will work with it 'out of the box'. No Netbeans, no eclipse, no Dreamweaver, Coda, PHPEd, no Cyberduck, no Macfusion, ...
Most users use ftps with these apps (not scp or sftp), so no ssh user is required then.

Steveorevo 2nd July 2012 10:48

Hi Til,
Thank you for responding.

Quote:

Why do you run this command manually
I did this for the same reason that myself, halsafar, globiws, and several others have stated in their post titles: "namespace resolution and cannot scp/sftp", and "Ubuntu Jailkit multiple problems".

Quote:

What you did with the command above con be configured in the jailkit config files
I believe we're not familiar with Jailkit like you are. :-) Had we known that, we wouldn't be asking these questions or creating those post titles. You see, Falko (and yourself) often provides great insight and quality posts that work really well! So I had to improvise and provide a solution for others that just works in your absence.

Quote:

you can just configure it in the jailkit config files...
As I stated in my post, "I'm not sure if this is the appropriate way to do this, but here is how...". Now I know, thanks to your response and keen knowledge.

Thank you very much!

Steveorevo 2nd July 2012 11:05

Quote:

Most users use ftps with these apps (not scp or sftp), so no ssh user is required then.
Thats because most users are stuck with cPanel or simply don't have access to something as simply and cool as ISPConfig!

I prefer SFTP because it has several pros like one connection (no need for DATA ports), native support for keys, its directory listing is uniform, standard and consistent mechanism for file and directory attributes, includes operations for permissions and file locking and more functionality (used in some IDEs GUIs, etc.).

bormoglot 7th August 2012 08:31

the same trouble, solutions do not work
 
I have Ubuntu 12.04 LTS (GNU/Linux 3.2.0-27-generic x86_64) with ispconfig 3.0.4.5. Symptoms are exactly as described (ssh logins fine but no more: jailed session give no name resolution, no scp, no nothing).

I have updated jk_init.ini with widest references
===================================
[uidbasics]
libraries = /lib/*, /lib64/*, /usr/lib/*, /lib/x86_64-linux-gnu/*

and

[netbasics]
libraries = /lib/*, /lib64/*, /usr/lib/*, /lib/x86_64-linux-gnu/*
===================================

But it does not help. Where to look at further?

Steveorevo 7th August 2012 08:34

see above?


All times are GMT +2. The time now is 09:55.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.