Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #21  
Old 23rd March 2007, 19:12
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,745 Times in 2,578 Posts
Default

Quote:
Originally Posted by jonwatson
but can the site that the new users belong to exist before turning it on?
Yes, that's no problem.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Sponsored Links
  #22  
Old 23rd March 2007, 19:23
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Ok..so

I guess no one knows how to fix this? I have the same problem on all three of my ISPConfig installs. Two Ubuntu 6.06 and one Debian 3.1.
Reply With Quote
  #23  
Old 25th March 2007, 19:44
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by jonwatson
Ok..so

I guess no one knows how to fix this? I have the same problem on all three of my ISPConfig installs. Two Ubuntu 6.06 and one Debian 3.1.

OK, totally frustrated now. I'm not sure why I can't get any help on this issue, but it's been what...two weeks messing with this?

I hate to do this but I'm going to have to leave ISPConfig over this. I simply cannot run a hosting site that allows users to stomp all over each other's home directories. I'm really against leaving ISPConfig because I'm a huge open source supporter and I'm going to have to go with a proprietary system for this, but I see no option. Not being able to chroot SSH users is a fatal flaw.

Does anyone have ANY last things I can try before I start rebuilding my server? Anything at all...?????
Reply With Quote
  #24  
Old 25th March 2007, 20:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,501 Times in 4,330 Posts
Default

Chrooting SSH users is really easy, I dont know why it works not for you on your system. The only thin you have to do is to compile a SSH daoemon with chroot SSH support and then enable chrooting in ISPConfig. I've done this on many servers and it always worked prefectly for me.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #25  
Old 25th March 2007, 20:43
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till
Chrooting SSH users is really easy, I dont know why it works not for you on your system. The only thin you have to do is to compile a SSH daoemon with chroot SSH support and then enable chrooting in ISPConfig. I've done this on many servers and it always worked prefectly for me.
I agree that I seem to be having more problems than some, but I now have three ISPConfig boxes which exhibit the same symptoms. CHROOTing doesn't work on any of them.

I followed Falko's tutorial (was it Falkos?) on installing the CHROOT environment in Debian. There were no obvious errors during the install and it seemed to go as planned.

I then enabled the chroot setting in the /home/admispconfig/ispconfig/lib/ispconfig.inc.php file by setting it to 1.

When I create new users, their passwd entry looks like this:

Code:
username:x:10009:10004:Working User:/var/www/web4/user/username/./:/bin/bash
(I've munged the username) but the '.' part is there which seems to be correct.

The CHROOT scripts seem to be copied over correctly as I see etc, bin, lib directories in the site's home directory.

Yes, whenever a user attempts to log in, they are punted with the error that /bin/bash cannot be found.

The bin directory in the site's home dir contains:
Code:
drwxr-xr-x   2 root             root    4096 Mar 24 11:01 .
drwxr-xr-x  12 munged.com web11   4096 Mar 25 11:41 ..
-rwxr-xr-x   1 root             root  625228 Mar 25 11:35 bash
-rwxr-xr-x   1 root             root   75948 Mar 25 11:35 ls
-rwxr-xr-x   1 root             root   20888 Mar 25 11:35 mkdir
-rwxr-xr-x   1 root             root   55340 Mar 25 11:36 mv
-rwsr-xr-x   1 root             root   30764 Mar 25 11:36 ping
-rwxr-xr-x   1 root             root   13848 Mar 25 11:36 pwd
-rwxr-xr-x   1 root             root   30712 Mar 25 11:36 rm
-rwxr-xr-x   1 root             root  163852 Mar 25 11:36 tar
So...I'm lost. Everything seems to be set up OK - but user's can't log in.

That's what I need help troubleshooting. There must be some reason why user accounts can't find /bin/bash once chrooted.

I am *extremely* motivated to fix this as I really can't fathom how I'm going to move my entire infrastructure off of ISPConfig.

Last edited by jonwatson; 25th March 2007 at 20:48.
Reply With Quote
  #26  
Old 26th March 2007, 00:02
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,501 Times in 4,330 Posts
Default

Are you really sure that you run the SSHD that you compiled with chroot support and not accidently your old sshd?

Please post the output of:

locate sshd

(you must have the locate tool installed for this and maybe its a good idea to run the "updatedb" command before you execute the locate command.)
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #27  
Old 26th March 2007, 00:28
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
Default

Quote:
Originally Posted by till
Are you really sure that you run the SSHD that you compiled with chroot support and not accidently your old sshd?

Please post the output of:

locate sshd

(you must have the locate tool installed for this and maybe its a good idea to run the "updatedb" command before you execute the locate command.)
I never thought of that. I assumed the new installation of the patched SSH would overwrite the old one.

I don't see more than one, though....do you?

Code:
rex:/# locate sshd
/etc/logwatch/conf/services/sshd.conf
/etc/logwatch/conf/services/sshd2.conf
/etc/ssh/sshd_config
/usr/local/share/man/man5/sshd_config.5
/usr/local/share/man/man8/sshd.8
/usr/sbin/sshd
/usr/share/logwatch/scripts/services/sshd
/usr/share/logwatch/scripts/services/sshd2
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sshd.8.gz
/usr/share/vim/vim63/syntax/sshdconfig.vim
/var/run/sshd
/var/run/sshd.pid
Reply With Quote
  #28  
Old 26th March 2007, 04:40
jonwatson jonwatson is offline
Senior Member
 
Join Date: Feb 2007
Posts: 176
Thanks: 15
Thanked 3 Times in 3 Posts
 
Default Solved!

Got it!

The file ld-linux.so.2 isn't being copied into the chrooted lib/ when new users are created. Without it, bash fails.

I'll investigate why this is and try to fix it. I assume I can add it to the create_chroot_env.sh script...

Edit:

There are actually two libraries that bash requires which are not copied over for some reason. They ARE listed in ldd so I don't know why they don't copy.

As a temporary kludgy hack, I have added the following two lines to /root/ispconfig/scripts/shell/create_chroot_env.sh

Code:
cp /lib/ld-linux.so.2 ./lib/ 
cp lib/tls/libdl.so.2 ./lib/tls/

Last edited by jonwatson; 26th March 2007 at 05:19. Reason: SOLVED
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig & Bind chroot not starting awd.pt Installation/Configuration 2 29th January 2008 11:28
FC4 Setup DNS and ISPCONFIG issues The General Installation/Configuration 7 15th May 2006 10:45
ISPConfig 2.3.1-dev released till General 0 8th May 2006 23:18
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 16:16
Apache chroot please, for ISPConfig and ubuntu breezy! :) danf.1979 Suggest HOWTO 0 3rd April 2006 03:46


All times are GMT +2. The time now is 03:53.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.