Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 11th March 2007, 18:08
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till
The directory /home/chroot/bin is not of interest for ISPConfig, as the users where chrooted to their home directory which is not /home/chroot/.
I just discovered that

Quote:
Originally Posted by till
Please post ls -la from the home directory of one of the users.
Code:
user/test.jonwatson# ls -la
total 144
drwxr-xr-x  8 test.jonwatson web13  4096 Mar  9 10:17 .
drwxr-xr-x  4 me.jonwatson   web13  4096 Mar  9 10:17 ..
-rw-r--r--  1 root           root    103 Mar 11 10:22 .antivirus.rc
-rw-r--r--  1 root           root    788 Mar 11 10:22 .autoresponder.rc
-rw-------  1 test.jonwatson web13    24 Mar 11 10:22 .forward
-rw-r--r--  1 root           root  67866 Mar 11 10:22 .html-trap.rc
-rw-r--r--  1 root           root   3889 Mar 11 10:22 .local-rules.rc
-rw-r--r--  1 root           root    204 Mar 11 10:22 .mailsize.rc
-rw-r--r--  1 root           root    492 Mar 11 10:22 .procmailrc
-rw-r--r--  1 root           root    656 Mar 11 10:22 .quota.rc
-rw-r--r--  1 root           root   1151 Mar 11 10:22 .spamassassin.rc
-rw-r--r--  1 root           root   2039 Mar 11 10:22 .user_prefs
-rw-r--r--  1 root           root     32 Mar 11 10:22 .vacation.msg
drwx------  5 test.jonwatson web13  4096 Mar  9 10:17 Maildir
drwxr-xr-x  2 root           root   4096 Mar  9 10:17 bin
drwxr-xr-x  2 root           root   4096 Mar  9 10:17 etc
drwxr-xr-x  3 root           root   4096 Mar  9 10:17 lib
drwxr-xr-x  4 root           root   4096 Mar  9 10:17 usr
drwxrwxr-x  2 test.jonwatson web13  4096 Mar  9 10:17 web
I've also tried changing ownership to test.jonwatson/web13 for all the bin, etc, lib...etc...files but that didn't help.

Weird thing (to me) is that I can su to test.jonwatson from root with no problem. I just can't log on with the test.jonwatson account.

Quote:
Originally Posted by till
Yes. Because other users that you edir are not of interest for this chroot enviroment.
Ah, OK, thanks.
Reply With Quote
Sponsored Links
  #12  
Old 19th March 2007, 19:46
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Any ideas on this?

I've just tried the same HOWTO on a fresh ISPConfig install and I get the same results. My newly chrooted users cannot log in.

I received no errors during the HOWTO, and everything seems to be in the correct place.

How do I troubleshoot this?

Thanks!
Reply With Quote
  #13  
Old 19th March 2007, 23:46
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

I seem to have it working now.

This text file helped me out. Seems I was missing some of the link libraries.

http://www.danielclemente.com/amarok/chroot.txt

I would like to know how ISPConfig knows that files to copy into each new user's chrooted home, though. I'd like to add some apps to the list. Can you tell me where that list is?

Thanks!
Reply With Quote
  #14  
Old 20th March 2007, 05:16
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

And me again.

I didn't test new users before I made my last post. New users are chrooted properly in the /etc/passwd file, but no files are moved into their home directories. Therefore, they get the same no /bin/bash error.

I do have the chroot setting in the config.inc.php file set to 1.

Seriously, this seems to be a pretty hot issue but there doesn't seem to be any resolution on it. Many people have followed the tutorial, but it doesn't seem as if anyone actually has chrooted users running. I hate to say it, but if I can't get chrooted users, I'm going to have to leave ISPConfig. I can't have users running all over each other's home directories. I know this isn't an ISPConfig issue specifically, but let's face it - chrooted users is a requirement in a shared hosting environment.

Can someone (Till? Falko? Anyone?) definitely tell us how to do this or how to troubleshoot it?

Thanks!
Reply With Quote
  #15  
Old 20th March 2007, 08:37
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,771
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

Quote:
Seriously, this seems to be a pretty hot issue but there doesn't seem to be any resolution on it. Many people have followed the tutorial, but it doesn't seem as if anyone actually has chrooted users running. I hate to say it, but if I can't get chrooted users, I'm going to have to leave ISPConfig. I can't have users running all over each other's home directories. I know this isn't an ISPConfig issue specifically, but let's face it - chrooted users is a requirement in a shared hosting environment.
The howto and chrooting in ISPConfig works perfectly. Why does everyone always forget that poeple with a working setup dont post here in the forum, so its naturally that you find many posts about not working setups here...
ISPConfig is downloaded and installed about 400 - 500 times a day and we have really few problems here in the forum compared to that number of installtions!

How to do this:

1) Install a SSH daemon that supports chrooting.
2) Enable chrooting in ISPConfig in the file /home/admispconfig/ispconfig/config.inc.php
3) Every newly created or updated user is chrooted by ISPConfig. ISPConfig runs the script /root/ispconfig/scripts/shell/create_chroot_env.sh automatically to copy the needed binaries and dependencies to the chroot enviroment.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #16  
Old 20th March 2007, 13:40
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till
The howto and chrooting in ISPConfig works perfectly. Why does everyone always forget that poeple with a working setup dont post here in the forum, so its naturally that you find many posts about not working setups here...
ISPConfig is downloaded and installed about 400 - 500 times a day and we have really few problems here in the forum compared to that number of installtions!

How to do this:

1) Install a SSH daemon that supports chrooting.
2) Enable chrooting in ISPConfig in the file /home/admispconfig/ispconfig/config.inc.php
3) Every newly created or updated user is chrooted by ISPConfig. ISPConfig runs the script /root/ispconfig/scripts/shell/create_chroot_env.sh automatically to copy the needed binaries and dependencies to the chroot enviroment.

That's true, I guess. No news is good news. I always try to come back to a forum and post when I have solved a problem but you're right if I didn't have a problem in the first place I wouldn't.

It seems that the part that is failing for me is the create_chroot_env.sh script. As I stated, new users are created in the passwd file with the correct chroot indicator, but the binaries are not copied over to their home directory.

When I atttempt to manually run the create_chroot_env.sh file it fails with the following errors:

Code:
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libdl.so.2': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/librt.so.1': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libpthread.so.0': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libdl.so.2': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libdl.so.2': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libdl.so.2': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libdl.so.2': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libresolv.so.2': No such file or directory
cp: cannot create regular file `.//usr/lib/i686/cmov/libcrypto.so.0.9.8': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libutil.so.1': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libnsl.so.1': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libcrypt.so.1': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libdl.so.2': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libresolv.so.2': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/librt.so.1': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libpthread.so.0': No such file or directory
cp: cannot stat `(0xffffe000)': No such file or directory
cp: cannot create regular file `.//lib/tls/i686/cmov/libc.so.6': No such file or directory
I have already removed the code that puts the extra '/' in before the path.

I also notice that the driectories where these files would be copied to are created in the /var/www/webX directory instead of the user's home directory. Is that right?

I see that the script contains full paths so I don't think it matters what directory I am in when I run this script...does it?

I suspect this is the last bit that I need to figure out and then it will all work.
Reply With Quote
  #17  
Old 21st March 2007, 14:43
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Quote:
Originally Posted by jonwatson
When I atttempt to manually run the create_chroot_env.sh file it fails with the following errors:
What's in that script? Which distribution do you use?
Quote:
Originally Posted by jonwatson
I also notice that the driectories where these files would be copied to are created in the /var/www/webX directory instead of the user's home directory. Is that right?
Yes.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #18  
Old 21st March 2007, 15:26
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by falko
What's in that script? Which distribution do you use?

The script contains this:

Code:
#!/bin/bash

#
# Usage: ./create_chroot_env username
#

# Here specify the apps you want into the enviroment
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/zi
p /bin/tar /usr/bin/dircolors"

# Sanity check
if [ "$1" = "" ] ; then
        echo "    Usage: ./create_chroot_env username"
        exit
fi

# Obtain username and HomeDir
CHROOT_USERNAME=$1
HOMEDIR=`grep /etc/passwd -e "^$CHROOT_USERNAME"  | cut -d':' -f 6`
cd $HOMEDIR

# Create Directories no one will do it for you
mkdir etc
mkdir bin
mkdir usr
mkdir usr/bin

# Create short version to /usr/bin/groups
# On some system it requires /bin/sh, which is generally unnessesary in a chroot cage

echo "#!/bin/bash" > usr/bin/groups
echo "id -Gn" >> usr/bin/groups

# Add some users to ./etc/paswd
grep /etc/passwd -e "^root" -e "^$CHROOT_USERNAME" > etc/passwd
grep /etc/group -e "^root" -e "^$CHROOT_USERNAME" > etc/group

# Copy the apps and the related libs
for prog in $APPS;  do
        cp $prog ./$prog

        # obtain a list of related libraryes
        ldd $prog > /dev/null
        if [ "$?" = 0 ] ; then
 LIBS=`ldd $prog | awk '{ print $3 }'`
                for l in $LIBS; do
                        mkdir ./`dirname $l` > /dev/null 2>&1
                        cp $l ./$l
                done
        fi
done
I am running Debian 3.1 and ISPConfig 2.2.11.

Thanks!
Reply With Quote
  #19  
Old 22nd March 2007, 17:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Quote:
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/zi
p /bin/tar /usr/bin/dircolors"
I hope this is in one line in your script instead of two?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #20  
Old 22nd March 2007, 18:16
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
 
Default

Quote:
Originally Posted by falko
I hope this is in one line in your script instead of two?
Yes, sorry - a bad paste on my part. It is one line in my script.

Question: I know that the chroot only affects new users after I have turned it on in the config.inc.php file, but can the site that the new users belong to exist before turning it on?

I ask because since the files copy to the site's top directory perhaps the site itself has to be created after chrooting is turned on.

Any truth to that?

Thanks!
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig & Bind chroot not starting awd.pt Installation/Configuration 2 29th January 2008 10:28
FC4 Setup DNS and ISPCONFIG issues The General Installation/Configuration 7 15th May 2006 09:45
ISPConfig 2.3.1-dev released till General 0 8th May 2006 22:18
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 15:16
Apache chroot please, for ISPConfig and ubuntu breezy! :) danf.1979 Suggest HOWTO 0 3rd April 2006 02:46


All times are GMT +2. The time now is 03:14.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.