Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st December 2011, 14:36
redwiz redwiz is offline
Junior Member
 
Join Date: Dec 2011
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default bad permission creating shell user with rsa key

I don't know if this is the right forum to post, but i think i discovered a bug in shelluser creation procedure.

I downloaded and installed ispconfig last version (no sources modification made).

if i try to create a shell user ,both with o without chroot, and also provide a public rsa key evereything works fine, the user is created, and also ~/.ssh and ~/.ssh/authorized_keys are.

The problem is that ~/.ssh and ~/.ssh/authorized_keys are created owned by root , so i had to change manually the permission to let ssh work for that user.

Taking a look inside the sources i realized that in both

shelluser_jailkit_plugin.inc.php
and
shelluser_base_plugin.inc.php

the line that is suposed to give the right owner
(at the very end of the files)

exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);


is commented out.

Am i right or i miss something?

thanks in advance to every answer

Andrea Consigli
Reply With Quote
Sponsored Links
  #2  
Old 1st December 2011, 18:02
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,486
Thanks: 813
Thanked 5,256 Times in 4,121 Posts
Default

The chown command is commented out as it destroyed the jail for every shell user. I guess we will have to add a selctive chown for the .ssh subdirectory then.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 1st December 2011, 18:26
redwiz redwiz is offline
Junior Member
 
Join Date: Dec 2011
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
The chown command is commented out as it destroyed the jail for every shell user. I guess we will have to add a selctive chown for the .ssh subdirectory then.

First of all, thanks for the reply.

So you mean that now the function is not working properly, not my bad usage.
Unfortunately i don't know how jailkit works, so i didn't understad what you mean with:
"it destroyed the jail for every shell user".

What exactly happen after that chown?

Finally, if you want tell me how the problem can be fixed, i can write a patch and send it back to you once finished.

thanks

Andrea Consigli
Reply With Quote
  #4  
Old 2nd December 2011, 12:00
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,486
Thanks: 813
Thanked 5,256 Times in 4,121 Posts
Default

Quote:
What exactly happen after that chown?
All files are woned by the wrong user. In a jail, several files have to be owned by the root user and not the jailed shell user and that chown command changed all files to the shell user which destroyed the jail.

The fix will most likely be to add the following code where the two commented out chown lines are:

Code:
exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir.'/home/'.escapeshellcmd($this->data['new']['puser']).'/.ssh');
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't receive mails baicunko Server Operation 12 3rd August 2011 22:02
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Squirrelmail login failure Cracklefish Installation/Configuration 9 30th June 2010 20:38
Add ons for ISPConfig 3 virtue Installation/Configuration 24 16th October 2009 17:30
Problem with the apache (I can't start ist) M.Behrens Installation/Configuration 11 31st March 2006 10:48


All times are GMT +2. The time now is 21:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.