Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 24th August 2011, 22:09
Coilernl Coilernl is offline
Junior Member
 
Join Date: Aug 2011
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Default SSH user not able to resolv hostnames

Somehow when an user (made by ispconfig in chrooted jail) logs in he can't resolve any hostnames, using the wget (or svn) commands he just gets "Resolving {ADDRESS}... failed: Name or service not known.
wget: unable to resolve host address"

this only seems to occur with chrooted users, normal users can just do everything.

I've probably missed something, I just can't seem to find out what

Thanks in advance,
Reply With Quote
Sponsored Links
  #2  
Old 25th August 2011, 09:26
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 99 Times in 95 Posts
Default

I'm guessing the jailrooted user is missing the file /etc/resolv.conf ?

Try copying that file to the users' jailroot and see if it resolves the problem.

I've tested this on the svn version and seems to work just fine.
Reply With Quote
  #3  
Old 25th August 2011, 09:28
Coilernl Coilernl is offline
Junior Member
 
Join Date: Aug 2011
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Default

The user is getting the resolv.etc file, can open it and it contains the right data.
Should have put that in my first post
Reply With Quote
  #4  
Old 25th August 2011, 09:41
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 99 Times in 95 Posts
Default

So as a jailed user commands like nslookup/dig/host don't work, but as a regular shell user they do?
Reply With Quote
  #5  
Old 25th August 2011, 10:08
Coilernl Coilernl is offline
Junior Member
 
Join Date: Aug 2011
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by Mark_NL View Post
So as a jailed user commands like nslookup/dig/host don't work, but as a regular shell user they do?
Hadn't tried the host command yet, this works (nslookup and dig are not in my chroot)

Heres the output of host, ping and wget:
Code:
test@{MYSERVER}:/tmp$ host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 74.125.77.104
www.l.google.com has address 74.125.77.147
www.l.google.com has address 74.125.77.99

test@{MYSERVER}:/tmp$ ping www.google.com
ping: unknown host www.google.com
test@{MYSERVER}:/tmp$ wget www.google.com
--2011-08-25 08:03:34--  http://www.google.com/
Resolving www.google.com... failed: Name or service not known.
wget: unable to resolve host address `www.google.com'
somehow the host command works fine even though the ping and wget fail
Reply With Quote
  #6  
Old 25th August 2011, 10:28
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 99 Times in 95 Posts
Default

Try setting the nameservers to the ones of opendns and try again:

nameserver 208.67.222.222
nameserver 208.67.220.220

replace these with the one in your /etc/resolv.conf
Reply With Quote
  #7  
Old 25th August 2011, 10:45
Coilernl Coilernl is offline
Junior Member
 
Join Date: Aug 2011
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by Mark_NL View Post
Try setting the nameservers to the ones of opendns and try again:

nameserver 208.67.222.222
nameserver 208.67.220.220

replace these with the one in your /etc/resolv.conf
Tried that and doesn't help (I was already using the google DNS servers anyway).
I'm thinking it has to do with certain files not being copied.
Reply With Quote
  #8  
Old 26th August 2011, 14:46
Coilernl Coilernl is offline
Junior Member
 
Join Date: Aug 2011
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
Default

Nobody else that has an idea where I should look for this problem?
I would like to continue working on testing ISPconfig
Reply With Quote
  #9  
Old 27th August 2011, 12:26
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Can you try this?
http://osdir.com/ml/apache.mod-secur.../msg00008.html
http://forum.nginx.org/read.php?3,212362

You probably need to add the libnss_files and libnss_dns libraries to the chroot environment.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 29th August 2011, 09:12
Coilernl Coilernl is offline
Junior Member
 
Join Date: Aug 2011
Posts: 12
Thanks: 0
Thanked 1 Time in 1 Post
 
Default

Falko, when looking at the 2nd problem I test it using an php script and it works fine (no dns problem) and the output is:
Code:
Array ( [0] => Array ( [host] => www.howtoforge.com [type] => A [ip] => 188.40.16.205 [class] => IN [ttl] => 180 ) )
Which looks fine to me, would it still be usefull to add those files (from the first link) to my chrooted jail?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
My Server Is Sending Spam. How Do I Block This? LordJ Server Operation 1 7th July 2011 19:34
ispconfig 2 ftp / ssh issues? dw5304 General 6 7th April 2010 16:00
Anything I can do against illegal login-requests? schmidtedv Installation/Configuration 17 7th November 2008 09:25
Restricting SSH and FTP user to a specific directory infernon Installation/Configuration 2 6th June 2007 18:36
log files cruz Technical 3 15th May 2007 14:35


All times are GMT +2. The time now is 04:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.