ISPconfig Jaikit / SSH Chroot not working (Lenny)

[edge]

Not sure where I did go wrong, but I did install Jaikit (according to The Perfect Server - Debian Lenny (Debian 5.0) [ISPConfig 3] - Page 4 - step 15 - Install Jailkit) before I installed ISPconfig 3

Whatever option I try for a Shell-User (none / Jailkit / SSH CHroot), they can cd into other directorys, and read the data.

Is it me who made a mistake, or does it not work on Lenny?

[till]

Jailkit works for me fine on lenny, there are no known bugs. SSH-Chroot will only work if you patch your SSH daemon like it was nescessary for ispconfig 2.

[edge]

Hi Falko,

I'm 100% sure that I did install it according to the howto.

Also the directory /etc/jailkit and the needed files do exist, and jk_sockeetd.ini does point to the "jailed" user directory

Quote:

[/var/clients/client1/web1/dev/log]
base=512
peak=2048
interval=10

When I login with the created shell-user I get this back as prompt.

Quote:

$USER@www.somedomain.nl:~$

Is the $USER correct, or should it say the user name?

Also.. Is there an other way of checking that Jailkit is installed correct?

[edge]

I've created a new domain / user, and now jailkit is working fine!
The 1st domain / user that I tested it with was the main host name of the server. I guess that this was kind of mixing things up.

All is working fine for the new user.

However! I do still see the deleted test user accounts in "/var/clients/client1/web1/home"

[falko]

I see you've posted this in the bugtracker, so we will check it.

[oncletom]

Hi, I think I have a similar problem.

I created a client, then a website and at least, at shell account with a Jailkit chroot.
Its dir is `/var/www/clients/client1/web1`. When I login, I'm located in `/var/www/clients/client1/web1/home/[clientname]`. I can browse the whole filesystem (according to the user permissions at least).

A last thing, I let the username empty because a shell login with [clientname] was fine. Could it be related? No chroot created because of no username given?

PS: I've installed Jailkit before ISPConfig ;-)

[till]

Are you really sure that you can broser the complete filesystem? Please login with that user and then execute:

cd /

and post the output of:

ls -la

[oncletom]

Quote:

Originally Posted by till

Are you really sure that you can broser the complete filesystem? Please login with that user and then execute:

cd /

and post the output of:

ls -la

Hello

Thanks for your prompt reply. Here is the output:

Quote:

web1@ns206144:~$ cd /
web1@ns206144:/$ ls -la
total 84
drwxr-xr-x 21 root root 4096 avr 19 19:25 .
drwxr-xr-x 21 root root 4096 avr 19 19:25 ..
drwxr-xr-x 2 root root 4096 fév 12 14:46 bin
drwxr-xr-x 2 root root 4096 avr 19 19:23 boot
drwxr-xr-x 12 root root 14080 avr 23 06:25 dev
drwxr-xr-x 95 root root 4096 avr 23 10:38 etc
drwxr-xr-x 3 root root 4096 fév 9 12:53 home
drwxr-xr-x 11 root root 4096 avr 23 10:35 lib
lrwxrwxrwx 1 root root 4 avr 19 19:23 lib64 -> /lib
drwx------ 2 root root 16384 avr 19 19:15 lost+found
drwxr-xr-x 3 root root 4096 fév 9 11:23 media
drwxr-xr-x 2 root root 4096 déc 4 10:21 mnt
drwxr-xr-x 2 root root 4096 fév 9 11:23 opt
dr-xr-xr-x 170 root root 0 avr 19 22:27 proc
drwxr-xr-x 5 root root 4096 avr 21 19:20 root
drwxr-xr-x 2 root root 4096 avr 21 19:57 sbin
drwxr-xr-x 2 root root 4096 sep 16 2008 selinux
drwxr-xr-x 2 root root 4096 fév 9 11:23 srv
drwxr-xr-x 12 root root 0 avr 19 22:27 sys
drwxrwxrwt 5 root root 4096 avr 23 10:45 tmp
drwxr-xr-x 11 root root 4096 avr 19 21:45 usr
drwxr-xr-x 15 root root 4096 avr 19 22:12 var

Is it the expected result?

[till]

Ok, the user is really not chrooted. Did you get any errors in the log files (see monitoring module) as you created the jailed user? Please try to create a different new jailed user and check if this gets jailed.

[oncletom]

Quote:

Originally Posted by till

Ok, the user is really not chrooted. Did you get any errors in the log files (see monitoring module) as you created the jailed user? Please try to create a different new jailed user and check if this gets jailed.

I'll check for that. I'll keep you in touch thanks.