Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th April 2010, 17:11
GoremanX GoremanX is offline
Member
 
Join Date: Apr 2010
Posts: 50
Thanks: 2
Thanked 0 Times in 0 Posts
Default chroot SSH Session Has Empty Directories

I've got ISPConfig 3.0.2.1 successfully running on Ubuntu 9.10. Everything seems to be working well, except for one thing. When a user logs into his site using SSH, everything seems to work right, but the directories are empty. The user gets logged into /home/[USERNAME]xxx and the filesystem looks as follows:

Code:
/home/web1
/home/[USERNAME]xxx
/home/[USERNAME]xxx/.bash_history
/home/[USERNAME]xxx/.cache
/home/[USERNAME]xxx/.cache/motd.legal-displayed
That's all, nothing else. On the other hand, when the user logs in via ftp, everything that should be there is displayed. (bin, cgi-bin, dev, etc, web site contents, so on, so forth).

Last edited by GoremanX; 17th April 2010 at 17:27.
Reply With Quote
Sponsored Links
  #2  
Old 17th April 2010, 17:14
GoremanX GoremanX is offline
Member
 
Join Date: Apr 2010
Posts: 50
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Immediately after my post above, I tried disabling the jailkit chroot option. Now everything works as expected, except of course that the user is no longer chrooted and that sucks.

Last edited by GoremanX; 17th April 2010 at 17:26.
Reply With Quote
  #3  
Old 26th April 2010, 20:35
GoremanX GoremanX is offline
Member
 
Join Date: Apr 2010
Posts: 50
Thanks: 2
Thanked 0 Times in 0 Posts
Default

hello? Little help? This was over a week ago...
Reply With Quote
  #4  
Old 26th April 2010, 22:17
mike_p mike_p is offline
Senior Member
 
Join Date: Mar 2010
Location: Surrey, England
Posts: 140
Thanks: 9
Thanked 28 Times in 17 Posts
Default

What are the permissions for, say, bin and dev compared with .cache. (ie run ls -la on the user's home account when logged in via ssh as root)

I'm using Centos so things may be a bit different: I'm a bit surpised that the ssh access puts him into /home/web1. I thought the default for ISPConfig was for user to have his home directory in /var/www/web1.
Have you changed the default address for client accounts?
Reply With Quote
  #5  
Old 26th April 2010, 22:58
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,466
Thanks: 813
Thanked 5,253 Times in 4,119 Posts
Default

Quote:
That's all, nothing else. On the other hand, when the user logs in via ftp, everything that should be there is displayed. (bin, cgi-bin, dev, etc, web site contents, so on, so forth).
Thats fine. There is nothing more in the homedir of course, as the user is in its jail. Do a:

cd /

to see the full filesystem.

Logging in with FTP is something completely different, the FTP user is a virtual user and no system user so the ftp user is in the / directory directly after login.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 26th April 2010, 23:43
GoremanX GoremanX is offline
Member
 
Join Date: Apr 2010
Posts: 50
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by mike_p View Post
What are the permissions for, say, bin and dev compared with .cache. (ie run ls -la on the user's home account when logged in via ssh as root)
I just tried this again with a new account. When logged in as root, ls -al gives me:

Code:
root# ls /var/www/fpzhosting.com/home -al
total 4
drwxr-x--x  5 root root      55 2010-04-26 17:06 .
drwxr-xr-x 14 root root    4096 2010-04-26 02:33 ..
drwxr-xr-x  2 web1 client1    6 2010-04-26 00:38 fpzhosting_1
drwxr-xr-x  3 web1 client1   19 2010-04-26 17:06 fpzhosting_2
drwxr-xr-x  2 web1 client1    6 2010-04-26 00:38 web1

root# ls /var/www/fpzhosting.com/home/fpzhosting_2 -al
total 0
drwxr-xr-x 3 web1 client1 19 2010-04-26 17:06 .
drwxr-x--x 5 root root    55 2010-04-26 17:06 ..
drwxr-xr-x 2 web1 client1 33 2010-04-26 17:06 .cache
When logged in as the user fpzhosting_2 (who is using jailkit), ls -al gives me:

Code:
fpzhosting_2:~$ ls -al
total 0
drwxr-xr-x 3 fpzhosting_1 client1 19 Apr 26 21:06 .
drwxr-x--x 5 root         root    55 Apr 26 21:06 ..
drwxr-xr-x 2 fpzhosting_1 client1 33 Apr 26 21:06 .cache
Which of course makes no sense since the user is fpzhosting_2. Trying to ls any directory other than /home/fpzhosting_2 gives me a "Permission denied" error, even if I try to ls /home. If I log in as fpzhosting_1 (who is not using jailkit), then I end up at the /var/www/clients/client1/web1 directory and can travel through the entire directory structure of the server.

Quote:
Originally Posted by mike_p View Post
I'm using Centos so things may be a bit different: I'm a bit surpised that the ssh access puts him into /home/web1. I thought the default for ISPConfig was for user to have his home directory in /var/www/web1.
Have you changed the default address for client accounts?
I haven't changed anything. I got the exact same behaviour when I tried this with Ubuntu 9.10.

As an experiment, I tried deleting all shell user accounts and re-creating the fpzhosting_1 user with Jailkit enabled... and all the web-related directories were DESTROYED! The www and cgi-bin directories (perhaps among others) are just GONE!!! WTF?!? All my hard work has been deleted! (I never left the Shell window in ISPConfig 3, according to the control panel, the site still exists)

Code:
root# ls /var/www/clients/client1/web1/ -al
total 12
drwxr-xr-x 10 root root   87 2010-04-26 17:25 .
drwxr-xr-x  3 root root   38 2010-04-26 17:25 ..
drwxr-xr-x  2 root root 4096 2010-04-26 17:25 bin
drwxr-xr-x  2 root root   41 2010-04-26 17:25 dev
drwxr-xr-x  6 root root 4096 2010-04-26 17:25 etc
drwxr-xr-x  3 root root   17 2010-04-26 17:31 home
drwxr-xr-x  5 root root 4096 2010-04-26 17:25 lib
drwxrwxrwx  2 root root    6 2010-04-26 17:25 tmp
drwxr-xr-x  6 root root   49 2010-04-26 17:25 usr
drwxr-xr-x  3 root root   16 2010-04-26 17:25 var

Quote:
Originally Posted by till View Post
Thats fine. There is nothing more in the homedir of course, as the user is in its jail. Do a:

cd /

to see the full filesystem.
Please re-read my original post. There I gave you a complete directory listing for the ENTIRE filesystem when a user is logged in with Jailkit enabled, starting from / (there was only /home under /)

Quote:
Originally Posted by till View Post
Logging in with FTP is something completely different, the FTP user is a virtual user and no system user so the ftp user is in the / directory directly after login.
I don't really care where I end up when I log in, it's a simple matter to switch directory when I log in. My point is there is NO directory structure visible when logged in using ssh and jailkit. The vhost directory structure does not exist.

Not that any of this matters, if it's this easy to accidentally DELETE the entire web site, then I'm concerned about what other bugs lurk beneath the code. I have no intention of using this software on a production server if that's the case.
Reply With Quote
  #7  
Old 26th April 2010, 23:53
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,466
Thanks: 813
Thanked 5,253 Times in 4,119 Posts
Default

Quote:
Not that any of this matters, if it's this easy to accidentally DELETE the entire web site, then I'm concerned about what other bugs lurk beneath the code. I have no intention of using this software on a production server if that's the case.
Not sure what you did but deleting a shell user in ispconfig does not delete any website content of course. Just tested this on my servers and it works as expected, no web content gets deleted. Only the shell user gets removed.

So which exact ispconfig version do you use and which jailkit version? Did you ollow exactly the setup guide?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 27th April 2010, 00:22
GoremanX GoremanX is offline
Member
 
Join Date: Apr 2010
Posts: 50
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
Not sure what you did but deleting a shell user in ispconfig does not delete any website content of course. Just tested this on my servers and it works as expected, no web content gets deleted. Only the shell user gets removed.

So which exact ispconfig version do you use and which jailkit version? Did you ollow exactly the setup guide?
As stated in the first post, I was using ISPConfig 3.0.2.1 . I used Jailkit 2.11 (the setup guide called for 2.10, but the setup guide was written before Jailkit 2.11 was released). I followed the guide precisely, with the exception of the latest versions of Jailkit and ISPConfig versions.

If ISPConfig 3 can't do that, then why did it happen? The directories are just GONE!

And on a side note, why am I seeing this in the system log every 5 minutes?

Code:
Apr 26 14:35:01 domU-12-31-39-09-25-65 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Apr 26 14:35:01 domU-12-31-39-09-25-65 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Reply With Quote
  #9  
Old 27th April 2010, 00:35
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,466
Thanks: 813
Thanked 5,253 Times in 4,119 Posts
Default

The jailed users are deletd by the scripts provided by jailkit and not by scripts from ispconfig. If I remember correctly, there was a bug in a jailkit version that caused a similar problem some time ago, maybe it has been reintroduced in the last version. So your problem is most likely related to the jailkit version. We can try to do some more tests if you file a bugreport (http://bugtracker.ispconfig.org) about this possible incopatibility and we will contact the jailkit developer if it can be reproduced.

Regarding your other question: The log lines are from the monitoring system, which checks every 5 minutes if all services are working correctly on the server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 27th April 2010, 02:02
GoremanX GoremanX is offline
Member
 
Join Date: Apr 2010
Posts: 50
Thanks: 2
Thanked 0 Times in 0 Posts
 
Default

I wish I could reproduce it, but I can't. I've tried everything and it's not happening again. All my work is just gone, and I can't figure out why... this isn't a production server (yet), so backups weren't in place until everything was setup. This is so incredibly aggravating.

I don't see much point in filing a bug report for something I can't even reproduce. I don't know what I did to cause this. One shell account was clearly misbehaving with incorrect permissions, and removing all accounts at that point caused incorrect directories to disappear.

One thing I do notice is that the directories that were deleted were exactly the ones that get created by ISPConfig 3 when a new site is created (before any ftp or shell users are added). A skeleton site looks like the following:

Code:
root# ls /var/www/clients/client1/web1 -al
total 0
drwxr-x--x 6 web4 client1 60 2010-04-26 19:52 .
drwxr-xr-x 3 root root    35 2010-04-26 19:52 ..
drwxr-x--x 2 web4 client1  6 2010-04-26 19:52 cgi-bin
lrwxrwxrwx 1 web4 client1 36 2010-04-26 19:52 log -> /var/log/ispconfig/httpd/fpztest.com
drwxr-x--x 2 web4 client1  6 2010-04-26 19:52 ssl
drwxrwxrwx 2 web4 client1  6 2010-04-26 19:52 tmp
drwx--x--- 4 web4 client1 98 2010-04-26 19:52 web
Once a shell user is added, it looks like this:

Code:
root# ls /var/www/clients/client1/web1 -al
total 8
drwxr-xr-x 11 root root     130 2010-04-26 19:56 .
drwxr-xr-x  3 root root      35 2010-04-26 19:52 ..
-rwxr-xr-x  1 web4 client1    0 2010-04-26 19:56 .bash_history
drwxr-xr-x  2 root root    4096 2010-04-26 19:56 bin
drwxr-x--x  2 web4 client1    6 2010-04-26 19:52 cgi-bin
drwxr-xr-x  3 root root     142 2010-04-26 19:56 etc
drwxr-xr-x  4 root root    4096 2010-04-26 19:56 lib
lrwxrwxrwx  1 web4 client1   36 2010-04-26 19:52 log -> /var/log/ispconfig/httpd/fpztest.com
drwxr-x--x  2 web4 client1    6 2010-04-26 19:52 ssl
drwxrwxrwx  2 web4 client1    6 2010-04-26 19:52 tmp
drwxr-xr-x  4 root root      26 2010-04-26 19:56 usr
drwxr-xr-x  3 root root      16 2010-04-26 19:56 var
drwx--x---  4 web4 client1   98 2010-04-26 19:52 web
And after "the incident" (immediately after I deleted all shell users and created a new one), it looked like this:

Code:
root# ls /var/www/clients/client1/web1/ -al
total 12
drwxr-xr-x 10 root root   87 2010-04-26 17:25 .
drwxr-xr-x  3 root root   38 2010-04-26 17:25 ..
drwxr-xr-x  2 root root 4096 2010-04-26 17:25 bin
drwxr-xr-x  2 root root   41 2010-04-26 17:25 dev
drwxr-xr-x  6 root root 4096 2010-04-26 17:25 etc
drwxr-xr-x  3 root root   17 2010-04-26 17:31 home
drwxr-xr-x  5 root root 4096 2010-04-26 17:25 lib
drwxrwxrwx  2 root root    6 2010-04-26 17:25 tmp
drwxr-xr-x  6 root root   49 2010-04-26 17:25 usr
drwxr-xr-x  3 root root   16 2010-04-26 17:25 var
Of course, it's possible that the entire contents of the /var/www/clients/client1/web1/ directory got deleted and the shell-related directories got added back when I re-created a shell user.

Is there a log file for Jailkit somewhere?

It's a conundrum... I absolutely need a chroot jail for ssh users, but I can't be running these kinds of risks on a production server. For the most part I like ISPConfig 3 so far, it serves our needs well. I'm not sure what to do anymore...
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Vhosts...conf not synced to changes crypted General 50 24th April 2010 00:54
Question about Virtual Hosting With Proftpd And MySQL (Incl. Quota) On Debian Etch ikkem HOWTO-Related Questions 30 26th February 2008 19:38
FTP Error joshabts Installation/Configuration 3 4th November 2006 16:19
Website users? ctroyp General 25 6th January 2006 18:02


All times are GMT +2. The time now is 08:38.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.