Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th August 2011, 18:54
Justin Albstmeijer Justin Albstmeijer is offline
Member
 
Join Date: Dec 2007
Posts: 76
Thanks: 1
Thanked 6 Times in 6 Posts
Default creating a jailkit user fails

Hi,

When creating a jailkit user, I cannot login.
If I check the /etc/passwd entries the user has not been given the correct shell.

web283:x:5123:5043::/var/clients/client30/web123/./home/web123:/bin/false
random.com:x:5123:5043::/var/clients/client12/web123/./home/random.com:/bin/false

created two more accounts with the same result.

here the create log of the initial creation

17.08.2011-12:14 - DEBUG - Found 1 changes, starting update process.
17.08.2011-12:14 - DEBUG - Replicated from master: REPLACE INTO shell_user (`shell_user_id`,`sys_userid`,`sys_groupid`,`sys_p erm_user`,`sys_perm_group`,`sys_perm_other`,`serve r_id`,`parent_domain_id`,`username`,`password`,`qu ota_size`,`active`,`puser`,`pgroup`,`shell`,`dir`, `chroot`) VALUES ('179','32','32','riud','riud','','10','283','rand om.com','$1$it2Sirq4$Ymomt.K6123456twxOCXL.','-1','y','web123','client12','/bin/bash','/var/clients/client12/web123','jailkit')
17.08.2011-12:14 - DEBUG - Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
17.08.2011-12:14 - DEBUG - Executed command: useradd -d /var/clients/client12/web123 -g client12 -o -p \$1\$it2Sirq4\$Ymomt.K6123456twxOCXL. -s /bin/bash -u 5123 random.com
17.08.2011-12:14 - DEBUG - Added shelluser: random.com
17.08.2011-12:14 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L random.com
17.08.2011-12:14 - DEBUG - Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
17.08.2011-12:14 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/clients/client12/web123 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
17.08.2011-12:14 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/clients/client12/web123 '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
17.08.2011-12:14 - DEBUG - Added bashrc scrpt : /var/clients/client12/web123/etc/bash.bashrc
17.08.2011-12:14 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh random.com /var/clients/client12/web123 /home/random.com /bin/bash web123 /home/web123
17.08.2011-12:14 - DEBUG - Added created jailkit user home in : /var/clients/client12/web123/home/random.com
17.08.2011-12:14 - DEBUG - Added created jailkit parent user home in : /var/clients/client12/web123/home/web123
17.08.2011-12:14 - DEBUG - Jailkit Plugin -> insert username:random.com
17.08.2011-12:14 - DEBUG - Processed datalog_id 21819
17.08.2011-12:14 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
17.08.2011-12:15 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

editing the account, in this case by changing the quote of the shell user, the shell gets fixed and I can log in.

web123:x:5123:5043::/var/clients/client12/web123/./home/web123:/bin/false
random.com:x:5123:5043::/var/clients/client12/web123/./home/random.com:/usr/sbin/jk_chrootsh

here the log of the quota change.

17.08.2011-16:32 - DEBUG - Replicated from master: REPLACE INTO shell_user (`shell_user_id`,`sys_userid`,`sys_groupid`,`sys_p erm_user`,`sys_perm_group`,`sys_perm_other`,`serve r_id`,`parent_domain_id`,`username`,`password`,`qu ota_size`,`active`,`puser`,`pgroup`,`shell`,`dir`, `chroot`) VALUES ('179','32','32','riud','riud','','10','123','rand om.com','$1$it2Sirq4$Ymomt.K6123456twxOCXL.','1',' y','web123','client12','/bin/bash','/var/clients/client12/web123','jailkit')
17.08.2011-16:32 - DEBUG - Calling function 'update' from plugin 'shelluser_base_plugin' raised by event 'shell_user_update'.
17.08.2011-16:32 - DEBUG - Executed command: usermod --home /var/clients/client12/web123 --gid client12 --password \$1\$it2Sirq4\$Ymomt.K6123456twxOCXL. --login random.com random.com
17.08.2011-16:32 - DEBUG - Updated shelluser: random.com
17.08.2011-16:32 - DEBUG - Calling function 'update' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_update'.
17.08.2011-16:32 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/clients/client12/web123 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
17.08.2011-16:32 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/clients/client12/web123 '/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico'
17.08.2011-16:32 - DEBUG - Added bashrc scrpt : /var/clients/client12/web123/etc/bash.bashrc
17.08.2011-16:32 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh random.com /var/clients/client12/web123 /home/random.com /bin/bash web123 /home/web123
17.08.2011-16:32 - DEBUG - Added created jailkit user home in : /var/clients/client12/web123/home/random.com
17.08.2011-16:32 - DEBUG - Added created jailkit parent user home in : /var/clients/client12/web123/home/web123
17.08.2011-16:32 - DEBUG - Jailkit Plugin -> update username:random.com
17.08.2011-16:32 - DEBUG - Processed datalog_id 21824
17.08.2011-16:32 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

I have seen this issue with previous versions too.

Justin
Reply With Quote
Sponsored Links
  #2  
Old 17th August 2011, 22:36
Justin Albstmeijer Justin Albstmeijer is offline
Member
 
Join Date: Dec 2007
Posts: 76
Thanks: 1
Thanked 6 Times in 6 Posts
Default

Background info, I'm running ispconfig-3.0.3.3 on centos-5.

I see shelluser_base_plugin.inc.php disabling the account and setting the shell to /bin/false

Disabling shelluser temporarily: usermod -s /bin/false -L random.com

I see shelluser_jailkit_plugin.inc.php unlocking the account but not restoring the /usr/sbin/jk_chrootsh shell.
Reply With Quote
  #3  
Old 18th August 2011, 11:23
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,388
Thanks: 833
Thanked 5,486 Times in 4,318 Posts
Default

You are right, the command to unlock the account has to be:

$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);

Originally we used only -L and -U without changing the shell, but this did not work reliably. I've restored your bugtracker report.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 26th August 2011, 15:18
corpus corpus is offline
Junior Member
 
Join Date: Jan 2011
Posts: 29
Thanks: 8
Thanked 12 Times in 9 Posts
Default same problem here

Same problem here with shell user
from ispconfig log
Code:
2011-08-26 16:11 	server1.uk.com 	Debug 	Processed datalog_id 91 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Jailkit Plugin -> insert username:newuser 	
2011-08-26 16:11 	server1.uk.com 	Debug 	exec: chown root:root /var/www/clients/client3/web1 	
2011-08-26 16:11 	server1.uk.com 	Debug 	exec: chmod 755 /var/www/clients/client3/web1 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Added created jailkit parent user home in : /var/www/clients/client3/web1/home/web1 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Added created jailkit user home in : /var/www/clients/client3/web1/home/newuser 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh newuser /var/www/clients/client3/web1 /home/newuser /bin/bash web1 /home/web1 	
2011-08-26 16:11 	server1.uk.com 	Debug 	exec: chown root:root /var/www/clients/client3/web1 	
2011-08-26 16:11 	server1.uk.com 	Debug 	exec: chmod 755 /var/www/clients/client3/web1 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'. 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Disabling shelluser temporarily: usermod -s /bin/false -L newuser 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Added shelluser: newuser 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Executed command: useradd -d /var/www/clients/client3/web1 -g client3 -o -p $1$TzB4veZV$D.zUaVx3QmNTAz.0016ZJ1 -s /bin/bash -u 5004 newuser 	
2011-08-26 16:11 	server1.uk.com 	Debug 	Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
shell user disconnects automatically upon login
from /etc/passwd
Code:
newuser:x:5004:5005::/var/www/clients/client3/web1:/bin/false
Any help ?
Thank you
Reply With Quote
  #5  
Old 26th August 2011, 16:02
corpus corpus is offline
Junior Member
 
Join Date: Jan 2011
Posts: 29
Thanks: 8
Thanked 12 Times in 9 Posts
Default

if i understand the topic i have to do :
vim /usr/local/ispconfig/server/plugins-available/shelluser_base_plugin.inc.php
comment out line 100
Code:
 //* $command = 'usermod -s /bin/false -L '.escapeshellcmd($data['new']['username']);
and make it
Code:
$command .= 'usermod -s /usr/sbin/jk_chrootsh -U '.escapeshellcmd($data['new']['username']);
after this i created a new user
got logged in this time
but the user is not jailed
the new user has bash in /etc/passwd
second:x:5004:5005::/var/www/clients/client3/web1:/bin/bash
any solution?

Last edited by corpus; 26th August 2011 at 16:04. Reason: /etc/passwd
Reply With Quote
  #6  
Old 30th August 2011, 17:02
corpus corpus is offline
Junior Member
 
Join Date: Jan 2011
Posts: 29
Thanks: 8
Thanked 12 Times in 9 Posts
 
Default solution

Ok. To help some noobs like me with similar probs.
In fresh debian 6 perfect server setup with jailkit 2.13 i had to create 2 jailed users with ispconfig for 2 websites.
With the first user1 created and he was jailed and all ok.
user2 created but not jailed.
I was taking a look tin /etc/passwd and saw this (user1 is the owner of web2)

Code:
web1:x:5004:5005::/var/www/clients/client2/web1:/bin/false
web2:x:5005:5006::/var/www/clients/client1/web2/./home/web2:/bin/false
user2:x:5004:5005::/var/www/clients/client2/web1:/bin/bash
user1:x:5005:5006::/var/www/clients/client1/web2/./home/user1:/usr/sbin/jk_chrootsh
user2 has not jk_chrootsh shell and a wrong homedir
so i modified manually to

Code:
web1:x:5004:5005::/var/www/clients/client2/web1/./home/web1:/bin/false
web2:x:5005:5006::/var/www/clients/client1/web2/./home/web2:/bin/false
user2:x:5004:5005::/var/www/clients/client2/web1/./home/user2:/usr/sbin/jk_chrootsh
user1:x:5005:5006::/var/www/clients/client1/web2/./home/user1:/usr/sbin/jk_chrootsh
and all worked fine
if you want test it
thanks

Last edited by corpus; 30th August 2011 at 17:03. Reason: typo
Reply With Quote
The Following User Says Thank You to corpus For This Useful Post:
falko (31st August 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating sites with specific user as owner smet Installation/Configuration 1 24th April 2010 23:44
Anything I can do against illegal login-requests? schmidtedv Installation/Configuration 17 7th November 2008 09:25
Wired problem creating a new user Spaetzle General 1 9th October 2008 14:20
Creating new User error.... kassie General 2 2nd June 2007 15:27
log files cruz Technical 3 15th May 2007 14:35


All times are GMT +2. The time now is 14:52.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.