SSH user can write the root of the server

#1 vaio1, 24th April 2012, 14:43

Hi guys,

I have enabled a user to create his account on his profile, but I have seen that the user can write a folder in the root of the server. Why is it possible?

I have deleted it immediately but now the user needs to connect by ssh shell to continue his work.

The jailkit was activated.

Thanks
#2 MaddinXx, 24th April 2012, 15:07

Hi vaio1

Thank god I am not the only one having fear.

I strongly guess he was not able to create files within the root / of your server as jailkit was enabled and this was the jailkit root.

Jailkit works more or less like this:

It creates a chrooted area where the ssh user can work. This area contains folders like bin, var etc., just like your server does. But these are not the root server's directories, but the ones from the jailkit chroot.

So let's say he navigates to /root. This will not be /root like you mean, but (if you are using ISPConfig) something like /var/www/clients/domain.tld/root.

So it's absolutely safe to enable Jailkit, as he cannot break out of his jail.

You can read more about this on the official jailkit website.

Case 2 would be that he really was in the server's root. You could test this by creating a test file within /root. Then log in via ssh and go to /root. If you see the file, you have security issues. If not, it's within the jail and everything is safe.

I know this is something absolutely off-topic, but you could also have a look into "lshell". It's a very cool package allowing you to jail users into their /home folder (or a defined dir) and restrict allowed commands. Unlike jailkit, it does not create additional folders.
You can also configure autoban etc. Just test it out.

Regards,
MaddinXx
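
The path mapping described in the reply above, as an added example that is not part of the original posts: it reads passwd-format entries, reports which accounts log in through jailkit, and translates a path seen inside the jail to its location on the host. It relies on jailkit's convention that jk_chrootsh chroots to the part of the home directory before "/./"; the /usr/sbin/jk_chrootsh path, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find jailkit-confined accounts in passwd-format data (stdin).
# jailkit's login shell, jk_chrootsh, chroots to the part of the home field
# that precedes "/./" before it starts the user's real shell.
JK_SHELL="${JK_SHELL:-/usr/sbin/jk_chrootsh}"   # assumed install path

# jail_root USER -> prints USER's jail root; returns 1 if USER is not jailed
jail_root() {
    awk -F: -v u="$1" -v sh="$JK_SHELL" '
        $1 == u && $7 == sh {
            i = index($6, "/./")
            if (i > 1) { print substr($6, 1, i - 1); found = 1 }
        }
        END { exit !found }'
}

# host_path USER PATH_IN_JAIL -> where that path really lives on the host
host_path() {
    root=$(jail_root "$1") || return 1
    printf '%s%s\n' "$root" "$2"
}

# audit -> one line per account that has a login shell
audit() {
    awk -F: -v sh="$JK_SHELL" '
        $7 ~ /(nologin|false)$/ { next }
        {
            i = index($6, "/./")
            if ($7 == sh && i > 1) printf "%s JAILED %s\n", $1, substr($6, 1, i - 1)
            else if ($7 == sh)     printf "%s NO_JAIL_ROOT %s\n", $1, $6
            else                   printf "%s UNJAILED %s\n", $1, $7
        }'
}

# Constructed sample entries (not from the thread); real use: audit < /etc/passwd
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
web1user:x:5004:5005::/var/www/clients/client1/web1/./home/web1user:/usr/sbin/jk_chrootsh
web2user:x:5005:5005::/var/www/clients/client1/web2:/bin/bash
web3user:x:5006:5005::/var/www/clients/client1/web3:/usr/sbin/jk_chrootsh
www-data:x:33:33::/var/www:/usr/sbin/nologin
EOF
}

sample_passwd | audit
echo "web1user's /root on the host: $(sample_passwd | host_path web1user /root)"
```

Accounts reported as UNJAILED or NO_JAIL_ROOT are the ones to check with the test-file procedure from the reply.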
All times are GMT +2.