Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th September 2011, 17:37
aldo aldo is offline
HowtoForge Supporter
 
Join Date: Jan 2011
Posts: 98
Thanks: 35
Thanked 3 Times in 3 Posts
Default shell users can navigate backwards

I need to create users only to allow SFTP access.

At this time, "Chroot Shell" is set to "Jailkit" but the user can navigate backwards from the home folders, almost anywhere.

At least I would like to avoid this.

Thank you for your help.
Reply With Quote
Sponsored Links
  #2  
Old 7th September 2011, 17:42
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
Default

Then the jail is not initiated correctly. You can check that in /etc/passwd. As fasr as I know, you can not even use sftp in a jail in ispconfig, so if the jail would be there, then not sftp login is possible.

In general, I recommend that you use ftps and not sftp. ftps is FTP over a secure TLS encrypted connection which runs over the FTP daemon so that it can benefit from the virtual ftp jails while sftp is a ssh protocol and needs full ssh jails.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
aldo (7th September 2011)
  #3  
Old 7th September 2011, 18:10
aldo aldo is offline
HowtoForge Supporter
 
Join Date: Jan 2011
Posts: 98
Thanks: 35
Thanked 3 Times in 3 Posts
Default

Thank you Till,
please can you tell me what I have to check/correct in /etc/passwd?

FTPS users are configured as shell users or ftp users in ISPConfig 3?

Thanks again.
Reply With Quote
  #4  
Old 7th September 2011, 18:15
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
Default

Quote:
please can you tell me what I have to check/correct in /etc/passwd?
Check the shell of the shell users in /etc/passwd. If its /bin/bash, then they are not jailed. if the shell is something like jk_chrootsh, then the users are jailed.

Quote:
FTPS users are configured as shell users or ftp users in ISPConfig 3?
FTPS users are configured as FTP users in ispconfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
aldo (7th September 2011)
  #5  
Old 7th September 2011, 18:45
aldo aldo is offline
HowtoForge Supporter
 
Join Date: Jan 2011
Posts: 98
Thanks: 35
Thanked 3 Times in 3 Posts
Default

in /etc/passwd there is:
web9:x:5011:5006::/var/www/clients/client2/web9/./home/web9:/bin/false
user9:x:5011:5006::/var/www/clients/client2/web9/./home/user9:/usr/sbin/jk_chrootsh

while in ISPConfig:
user9
Chroot Shel=Jailkit
Options:
Web Username=web9
Web Group=client2
Shell=/bin/bash
Dir=/var/www/clients/client2/web9

the only oddity seems the web9 user's shell
/bin/false in /etc/password
/bin/bash in ISPconfig
Reply With Quote
  #6  
Old 7th September 2011, 18:51
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
Default

Does it work when you change /bin/false to /usr/sbin/jk_chrootsh manually?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 7th September 2011, 19:10
aldo aldo is offline
HowtoForge Supporter
 
Join Date: Jan 2011
Posts: 98
Thanks: 35
Thanked 3 Times in 3 Posts
Default

Yes it works.

The strange thing is that now also works with the old configuration.

It seems that the configurations take effect several minutes after being executed.
Reply With Quote
  #8  
Old 7th September 2011, 19:35
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,597 Times in 4,408 Posts
 
Default

It takes about one minute until the configuration is applied. You can see in the jobqueue of the ispconfig monitor when a job has been executed.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
aldo (8th September 2011)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
problem creating jailed shell users tspau General 12 10th August 2011 16:03
Users created but cannot login (FTP and shell) baskin General 13 18th December 2009 21:05
Problem with Clamav + samba configuration wammy28 HOWTO-Related Questions 8 31st January 2009 20:12
Cacti and ISPConfig: Monitoring Tool VMartins Tips/Tricks/Mods 11 9th August 2008 19:37
Junk mail and spamassassin... sthompson Installation/Configuration 4 27th December 2006 17:11


All times are GMT +2. The time now is 09:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.