Navigation

denmaddog · #1 14th February 2011, 01:55

I have setup my server based on tutorial Howto perfect server ISPConfig Ubuntu 10.10, but Jailkit isn't working. When I add shell user to some site and choose "Jailkit"( options are "None" and "Jailkit" ) option and then login via ssh as that user, the user can browse all system. Outputs are:

tail -f /var/log/auth.log

Feb 12 16:58:43 www sshd[4370]: Accepted password for bojana from 10.13.1.56 port 2128 ssh2
Feb 12 16:58:43 www sshd[4370]: pam_unix(sshd:session): session opened for user bojana by (uid=0)
Feb 12 16:58:44 www sshd[4370]: pam_unix(sshd:session): session closed for user bojana

/etc/passwd

web3:x:5006:5005::/var/www/clients/client1/web3/./home/web3:/bin/false

bojana:x:5006:5005::/var/www/clients/client1/web3/./home/bojana:/bin/bash

/etc/init.d/jailkit restart

Stopping jailkit: jk_socketd/usr/sbin/jk_socketd: no process found

done.

Starting jailkit: jk_socketdversion 2.13, no sockets specified in configfile /etc/jailkit/jk_socketd.ini or on commandline, nothing to do, exiting...

done.

It seems like Jailkit is not properly configured. I tried updating ISPConfig and reconfiguring services but problem remains.

Please can you help me solve this.

Zeljko

till · #2 14th February 2011, 10:02

The jailkit daemon is not used, so its ok that it does not start.

Regarding the login issue, the user bojana uses a wrong shell. Have you edited anything in the /etc/passwd file manually or did you change any settings of the user bojana manually on the shell?

denmaddog · #3 14th February 2011, 11:02

Till,

I haven't changed anything manualy...I will add new shell user now and post what happend in /etc/passwd

Tnx.

denmaddog · #4 14th February 2011, 11:07

After adding new testuser this is the line in /etc/passwd

testuser:x:5006:5005::/var/www/clients/client1/web3/./home/testuser:/bin/false

And I cannot login to server with putty ... putty just crashes ( disapear ).

root@www:~# tail -f /var/log/auth.log
Feb 14 11:04:20 www sshd[10294]: Accepted password for testuser from 192.168.13.202 port 3756 ssh2
Feb 14 11:04:20 www sshd[10294]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Feb 14 11:04:20 www sshd[10294]: pam_unix(sshd:session): session closed for user testuser

denmaddog · #5 14th February 2011, 11:13

If I change the shell from /bin/false to /usr/sbin/jk_chrootsh in /ets/passwd I got this in /var/log/auth.log

Feb 14 11:10:34 www sshd[10702]: Accepted password for testuser from 192.168.13.202 port 3882 ssh2
Feb 14 11:10:34 www sshd[10702]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Feb 14 11:10:34 www jk_chrootsh[10770]: now entering jail /var/www/clients/client1/web3 for user testuser (5006)
Feb 14 11:10:34 www jk_chrootsh[10770]: abort, failed to get user information in the jail for user ID 5006: Success, check /var/www/clients/client1/web3/etc/passwd
Feb 14 11:10:34 www sshd[10702]: pam_unix(sshd:session): session closed for user testuser

Any idea?

denmaddog · #6 14th February 2011, 11:18

I assume ISPConfig/Jailkit should make some shanges to /var/www/clients/client1/web3/etc/passwd and group file, but those files are empty ...

I'm getting desperate

folken · #7 14th February 2011, 12:32

Quote:

Originally Posted by denmaddog

I assume ISPConfig/Jailkit should make some shanges to /var/www/clients/client1/web3/etc/passwd and group file, but those files are empty ...

I'm getting desperate

G'day,

The problem is not with ISPConfg but with the jailkit program.

10-10-2010: Jailkit 2.13 released. Jailkit 2.13 fixes a regression in the build system that could set the location of the configuration directory to the wrong path.

In short the version that the howto recommend tell you to download 2.12 which has a major bug where it expects all config files to be located in /usr to resolve this issue download the latest version and it'll work.

T

P.S. it took me 2 hours to figure this out....