View Single Post
  #1  
Old 12th July 2011, 23:02
user99 user99 is offline
Junior Member
 
Join Date: Jul 2008
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Name resolution not working for jailkit chrooted users

I followed the "Perfect Server" installation for Ubuntu 11.04 and ISPConfig 3.
When using shell as generic linux user or sudo, name resolution works perfectly.

Inside a chrooted environment, name resolution fails.

Here's what I did:

I created a client, and a site. (No reseller is used in my case).
I gave the client a chrooted shell.
The client user can login to the shell, but cannot get name resolution from the shell using any of the available tools:

ping www.google.com
ping: unknown host www.google.com

ping with ip address works fine, of course.

More details:
chrooted /etc/resolv.conf contains:
search (my local domain here)
nameserver 8.8.8.8
nameserver 8.8.4.4

The chrooted user can read from resolv.conf
It is identical to the root version.

/bin/ping does have required suid:
ls -la /bin/ping
-rwsr-xr-x 1 0 0 35680 Nov 15 2010 /bin/ping

As far as the settings in ISPConfig's panel for jailkit, these are still set to default values:

Jailkit chroot app sections:
basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh

Jailkit chrooted applications:
/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico

I copied dig and nslookup into the chrooted environment, and both work.

Other info:
This server functions as Web and Mail server only. All other services (including DNS server) are disabled. Mail seems to be working perfectly. I haven't tested the web server yet.

Has anyone else run into this issue?
Any ideas on what might be causing the problem?

thx

Last edited by user99; 12th July 2011 at 23:04. Reason: correct error.
Reply With Quote
Sponsored Links