View Single Post
  #13  
Old 19th June 2013, 19:39
ItsDom ItsDom is offline
Member
 
Join Date: Dec 2012
Posts: 41
Thanks: 2
Thanked 5 Times in 5 Posts
Default

To turn on debug, login as admin, go to system > server config > yourserver.domain and change "log level" to debug. Then go to monitor then show system log to view the log file through ispconfig.

Are you SURE you can go outside the directory? jailkit makes a chroot jail. A chroot jail effectively changes what is considered as root. However, if you were to just chroot to /your/clients/folder/clientx/webx/ with just your website stuff in there, nothing would work, because as far as the shell is concerned, that's all there is, your web stuff. So even basic things like the ls commands wouldn't work because that's located in /bin/ls which the jail doesn't know about because it only knows of everything below /your/clients/clientx/webx. So what jailkit does is create a copy of all the required applications (the ones listed under "chroot jail applications") and puts them in /your/clients/folder/clientx/webx/, replicating the folder structure. (This is 1 of the reasons why if you install jailkit after creating your client or website, it wont work, as it's when the client/website is created that the chroot jail is populated by jailkit)

So when you login to a chroot jail, you will see /etc /var, but they are not the /etc or /var that your whole system uses, they are a copy, located in /your/clients/folder/clientx/webx

One way to demonstrate this: log in as root, go to /etc and create a blank file with a notable name "imaGLOBALtestfile" or something, then navigate to /path/to/your/clients/clientx/webx/etc and create another blank file with a different notable file, e.g. "imaJAILEDtestfile". Now, connect via SSH, and login with your jailed user. Go to the /etc and see which file you can see. If you see "imaJAILEDtestfile" then jailkit is setup and working fine.

The /etc and /var things visible in the jail shouldn't be able to actually be used or modified when logged in as the jailed user (as their typically root:root) But even if somehow they could be modified or tampered with, it wouldn't affect anything outside of the jail anyway, because it's just a copy of the system stuff used only in that jail.
Reply With Quote