jailkit not working on ISPconfig v 3.0.2 Debian Lenny

Posted by jwlinux, 23rd March 2010, 22:47

As mentioned in other posts - I recently installed ISPConfig 3.0.2 on Debian Lenny. I used the Debian Lenny Perfect Setup instructions (http://www.howtoforge.com/perfect-se...nny-ispconfig3). To the best of my knowledge I followed the instructions exactly.

I made a reseller, the reseller made a client, and the client made a website, an FTP user and a shell user. So far so good, except for the shell user:

In the reseller limits, SSH-Chroot Options I checked both "none" and "jailkit"
In turn, the reseller checked "none" and "jailkit" for the client (limit is set to -1 in each)
When the client made the "shell user" we set the "Chroot Shell" option to Jailkit

However, the shell user cannot log in via sftp. I see errors like this in the system logs:

Mar 23 15:19:13 ccs090 sshd[27807]: pam_unix(sshd:session): session opened for user site1 by (uid=0)
Mar 23 15:19:13 ccs090 sshd[27809]: subsystem request for sftp
Mar 23 15:19:13 ccs090 snoopy[27810]: [unknown, uid:5004 sid:27810]: false -c /usr/lib/openssh/sftp-server
Mar 23 15:19:13 ccs090 sshd[27807]: pam_unix(sshd:session): session closed for user site1

I discovered that their shell was set to /bin/false.
So I changed it manually:
usermod -s /usr/sbin/jk_chrootsh site1

Then in the logs I saw errors like:

Mar 23 16:36:43 ccs090 sshd[28937]: Accepted password for site1 from 12.233.247.2 port 63729 ssh2
Mar 23 16:36:43 ccs090 sshd[28937]: pam_unix(sshd:session): session opened for user site1 by (uid=0)
Mar 23 16:36:43 ccs090 sshd[28939]: subsystem request for sftp
Mar 23 16:36:43 ccs090 snoopy[28940]: [unknown, uid:5004 sid:28940]: jk_chrootsh -c /usr/lib/openssh/sftp-server
Mar 23 16:36:43 ccs090 jk_chrootsh[28940]: path /var/www/clients/client5/web4/./home/web4 is group writable
Mar 23 16:36:43 ccs090 jk_chrootsh[28940]: abort, path /var/www/clients/client5/web4/./home/web4 is group writable, set option 'relax_home_group_permissions' to relax this check

So after some Google research I set the following options in /etc/jailkit/jk_chrootsh.ini:

[DEFAULT]
relax_home_group=1
relax_home_group_permissions=1
relax_home_other_permissions=1


Now, I get errors that chroot cannot find bash:

Mar 23 16:38:31 ccs090 sshd[28957]: Accepted password for site1 from 12.233.247.2 port 60101 ssh2
Mar 23 16:38:31 ccs090 sshd[28957]: pam_unix(sshd:session): session opened for user site1 by (uid=0)
Mar 23 16:38:31 ccs090 sshd[28959]: subsystem request for sftp
Mar 23 16:38:31 ccs090 snoopy[28960]: [unknown, uid:5004 sid:28960]: jk_chrootsh -c /usr/lib/openssh/sftp-server
Mar 23 16:38:31 ccs090 jk_chrootsh[28960]: path /var/www/clients/client5/web4/./home/web4 is group writable
Mar 23 16:38:31 ccs090 jk_chrootsh[28960]: now entering jail /var/www/clients/client5/web4 for user web4 (5004)
Mar 23 16:38:31 ccs090 snoopy[28960]: [unknown, uid:5004 sid:28960]: /bin/bash -c /usr/lib/openssh/sftp-server
Mar 23 16:38:31 ccs090 snoopy[28960]: ERROR: failed to execute shell /bin/bash for user web4 (5004), check the permissions and libraries of /var/www/clients/client5/web4//bin/bash
Mar 23 16:38:31 ccs090 sshd[28957]: pam_unix(sshd:session): session closed for user site1


I also eventually changed the shell for user "web4":

usermod -s /usr/sbin/jk_chrootsh web4

All of the directories exist but bin/bash does not:

drwxrwxr-x 2 web4 client5 48 2010-03-22 16:21 /var/www/clients/client5/web4/./home/web4
drwxrwxr-x 4 root root 104 2010-03-23 15:19 /var/www/clients/client5/web4/./home/
drwxr-xr-x 9 root root 304 2010-03-22 16:21 /var/www/clients/client5/web4/

ls: cannot access /var/www/clients/client5/web4//bin/bash

And in fact there is no ./bin/ directory at all:

#ls /var/www/clients/client5/web4/
cgi-bin etc home log ssl tmp var web

I did not change any default setting for jailkit or for the user that I know of. It seems that jailkit/ISPConfig do not "create" the chroot jail correctly.

Can anyone tell me what I need to do to fix this?

Thank you,

JW

Last edited by jwlinux; 23rd March 2010 at 22:48. Reason: typo in Title
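
The two failures in the logs above (a group-writable home and a missing shell binary inside the jail) can be checked before a login attempt. The script below is an added example, not part of the original post and not jailkit or ISPConfig code; check_jail and its finding labels are hypothetical names, and the in-jail shell is assumed to be /bin/bash as in the log.

```shell
#!/bin/sh
# Added example: pre-flight check for a jailkit-style home entry of the form
#   <jail root>/./<home inside jail>
# check_jail and the finding labels are hypothetical, not jailkit's own.

check_jail() {
    home_field=$1
    shell=${2:-/bin/bash}   # assumption: shell the user gets inside the jail

    case $home_field in
        */./*) ;;
        *) echo "NO_JAIL_MARKER"; return 1 ;;
    esac
    jail=${home_field%%/./*}            # part before the first "/./"
    home=$jail/${home_field#*/./}       # home directory as seen from the host
    rc=0

    [ -d "$jail" ] || { echo "JAIL_MISSING $jail"; return 1; }

    # Group/other-writable home: the condition jk_chrootsh aborts on unless
    # the relax_home_*_permissions options are set.
    if [ -d "$home" ]; then
        perms=$(ls -ld "$home" | cut -c1-10)
        case $perms in ?????w????) echo "HOME_GROUP_WRITABLE $home"; rc=1 ;; esac
        case $perms in ????????w?) echo "HOME_OTHER_WRITABLE $home"; rc=1 ;; esac
    else
        echo "HOME_MISSING $home"; rc=1
    fi

    # The shell must exist and be executable inside the jail.
    if [ ! -e "$jail$shell" ]; then
        echo "SHELL_MISSING $jail$shell"; rc=1
    elif [ ! -x "$jail$shell" ]; then
        echo "SHELL_NOT_EXECUTABLE $jail$shell"; rc=1
    fi
    return $rc
}

# Constructed demo: a jail laid out like the one in the post (no bin/ directory).
demo=$(mktemp -d) && mkdir -p "$demo/web4/home/web4" && chmod 775 "$demo/web4/home/web4"
check_jail "$demo/web4/./home/web4" || true
rm -rf "$demo"
```

On a real system the argument would be the home field from the user's passwd entry, for example /var/www/clients/client5/web4/./home/web4.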