Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 18th July 2011, 14:51
tspau tspau is offline
Junior Member
 
Join Date: Jun 2010
Location: Spain
Posts: 11
Thanks: 4
Thanked 0 Times in 0 Posts
Default problem creating jailed shell users

hello

i have an ispconfig 3 installed following the guide at:

http://www.howtoforge.com/perfect-se...nny-ispconfig3

i have setup in a client:

Max. number of Shell users: 5
SSH-Chroot Options: Jailkit

and then i've created a shell user for this client, setting:

Chroot Shell: Jailkit

but i can't access to shell with that user, and in my /etc/passwd i've got:

testshell:x:5030:5029::/var/www/clients/client32/web62/./home/testshell:/bin/false

why is the shell configured to /bin/false? i did something wrong?
Reply With Quote
Sponsored Links
  #2  
Old 18th July 2011, 16:49
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,070
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

It may take a few minutes until the shell user gets created and activated. Please check the jobqueue in the monitor if there are any pending jobs and the syslog in the monitor for errors.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 19th July 2011, 09:52
tspau tspau is offline
Junior Member
 
Join Date: Jun 2010
Location: Spain
Posts: 11
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
It may take a few minutes until the shell user gets created and activated. Please check the jobqueue in the monitor if there are any pending jobs and the syslog in the monitor for errors.
hello.

i've noticed it takes a while to create the users, but now there's nothing on the job queue, and the user is added to /etc/passwd.

the funny thing is that is added with a /bin/false shell:

satsh:x:5037:5035::/var/www/clients/client49/web84/./home/satsh:/bin/false

if i create another user without been jailed (chroot shell: none), it's created with a /bin/bash shell:

satrt:x:5037:5035::/var/www/clients/client49/web84:/bin/bash

and i can login with this user, with access to all file system
Reply With Quote
  #4  
Old 19th July 2011, 15:01
tspau tspau is offline
Junior Member
 
Join Date: Jun 2010
Location: Spain
Posts: 11
Thanks: 4
Thanked 0 Times in 0 Posts
Default

i have installed ispconfig in another server, and jailkit works fine.

i think the only differences between the testing server and my production site are this:

-in the production server, where didn't work jailkit, /home is a soft link to /usr/home:

lrwxrwxrwx 1 root root 10 abr 16 2010 home -> /usr/home/

-in production server, quota is not enabled (don't have the /quota.user and /quota.group files).


maybe one of these differences could be the reason to fail jailkit?
Reply With Quote
  #5  
Old 19th July 2011, 15:35
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,070
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

You can try to debug the creaztion of jailed users on your server:

1) disable the server.sh cronjob in the root crontab.
2) Create a new jailed ssh user in ispconfig.
3) Enable loglevel debug in ISPConfig under System > server config
4) run this script as root un the shell:

/usr/local/ispconfig/server/server.sh
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 19th July 2011, 16:13
tspau tspau is offline
Junior Member
 
Join Date: Jun 2010
Location: Spain
Posts: 11
Thanks: 4
Thanked 0 Times in 0 Posts
Default

i keep working on it:

in my production server, when i create a jailed shell user, no jailed /bin carpet is created, only an /etc carpet whit a void passwd.

i've copied the /bin and /etc from a jailed user from my testing server, editing etc/group and etc/passwd with the data of the local user.

also i've changed the shell of the jailed user from /bin/false to /usr/sbin/jk_chrootsh

when i've tried to login, in auth.log i get:

Jul 19 15:18:11 mysite su[11866]: Successful su for satsh by root
Jul 19 15:18:11 mysite su[11866]: + pts/0 root:satsh
Jul 19 15:18:11 mysite su[11866]: pam_unix(su:session): session opened for user satsh by sshuser(uid=0)
Jul 19 15:18:11 mysite jk_chrootsh[11867]: abort, the current dir is /usr/var/www/clients/client49/web84 after chdir(/var/www/clients/client49/web84), but it should be /var/www/clients/client49/web84
Jul 19 15:18:11 mysite su[11866]: pam_unix(su:session): session closed for user satsh

ok, my /var is a softlink to /usr/var, so in ispconfig panel, i've changed at system -> server config -> web: all references from /var/... to /usr/var/...

i try to create a new user, site and shell user, but still is not created the jailed /bin neither /etc and in /etc/passwd the shell is still /bin/false

:-(

i try again to copy the bin and etc from a jail of my test server (editig /etc/group and /etc/passwd) and if i try to log now, auth.log shows:


Jul 19 16:09:03 mysite su[18609]: Successful su for tssatshell by root
Jul 19 16:09:03 mysite su[18609]: + pts/1 root:tssatshell
Jul 19 16:09:03 mysite su[18609]: pam_unix(su:session): session opened for user tssatshell by sshuser(uid=0)
Jul 19 16:09:03 mysite jk_chrootsh[18610]: now entering jail /usr/var/www/clients/client50/web85 for user tssatshell (5037)
Jul 19 16:09:03 mysite jk_chrootsh[18610]: ERROR: failed to execute shell /bin/bash for user tssatshell (5037), check the permissions and libraries of /usr/var/www/clients/client50/web85//bin/bash
Jul 19 16:09:03 mysite su[18609]: pam_unix(su:session): session closed for user tssatshell

any help?
Reply With Quote
  #7  
Old 19th July 2011, 16:29
tspau tspau is offline
Junior Member
 
Join Date: Jun 2010
Location: Spain
Posts: 11
Thanks: 4
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
You can try to debug the creaztion of jailed users on your server:

1) disable the server.sh cronjob in the root crontab.
2) Create a new jailed ssh user in ispconfig.
3) Enable loglevel debug in ISPConfig under System > server config
4) run this script as root un the shell:

/usr/local/ispconfig/server/server.sh
hello

i don't understand where i have to disable the cronjob server.sh, is not in my cron.d

running that script (without disablen the cronjob) only shows:

19.07.2011-16:24 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
19.07.2011-16:24 - DEBUG - No Updated records found, starting only the core.
19.07.2011-16:24 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
finished.
Reply With Quote
Reply

Bookmarks

Tags
jailkit

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Confusion: Shell Users / Disappearing Logs demortes Installation/Configuration 2 18th July 2010 20:26
ISPConfig3 Mail Warn Errors reason8 General 3 25th November 2009 13:58
Squid users related problem mrtornado Server Operation 3 30th March 2009 04:29
Why Does This Happen With Creating New Users Meads General 2 25th December 2008 19:11
Virtual Users + Mysql + Squirrelmail + ChangePass Plugins Problem JEU Installation/Configuration 10 27th November 2008 16:55


All times are GMT +2. The time now is 00:29.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.