bad permission creating shell user with rsa key

Discussion in 'Developers' Forum' started by redwiz, Dec 1, 2011.

  1. redwiz

    redwiz New Member

    I don't know if this is the right forum to post in, but I think I discovered a bug in the shell user creation procedure.

    I downloaded and installed the latest ISPConfig version (no source modifications made).

    If I try to create a shell user, both with or without chroot, and also provide a public RSA key, everything works fine: the user is created, and so are ~/.ssh and ~/.ssh/authorized_keys.

    The problem is that ~/.ssh and ~/.ssh/authorized_keys are created owned by root, so I had to change the permissions manually to let ssh work for that user.

    Taking a look inside the sources, I realized that in both

    shelluser_jailkit_plugin.inc.php
    and
    shelluser_base_plugin.inc.php

    the line that is supposed to give the right owner
    (at the very end of the files)

    exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir);


    is commented out.

    Am I right, or am I missing something?

    Thanks in advance for every answer.

    Andrea Consigli
     
  2. till

    till Super Moderator

    The chown command is commented out as it destroyed the jail for every shell user. I guess we will have to add a selective chown for the .ssh subdirectory then.
     
  3. redwiz

    redwiz New Member


    First of all, thanks for the reply.

    So you mean that the function is currently not working properly, and it is not bad usage on my part.
    Unfortunately I don't know how jailkit works, so I didn't understand what you mean by:
    "it destroyed the jail for every shell user".

    What exactly happens after that chown?

    Finally, if you want to tell me how the problem can be fixed, I can write a patch and send it back to you once finished.

    Thanks

    Andrea Consigli
     
  4. till

    till Super Moderator

    All files are owned by the wrong user. In a jail, several files have to be owned by the root user and not the jailed shell user, and that chown command changed all files to the shell user, which destroyed the jail.

    The fix will most likely be to add the following code where the two commented out chown lines are:

    Code:
    exec("chown -R ".escapeshellcmd($this->data['new']['puser']).":".escapeshellcmd($this->data['new']['pgroup'])." ".$usrdir.'/home/'.escapeshellcmd($this->data['new']['puser']).'/.ssh');
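
The selective approach discussed in this thread, as an added shell example that is not part of the thread or of ISPConfig's code: it changes ownership only under `<jail>/home/<user>/.ssh` and lists any jail entry outside the user's home that is not owned by root. The function names are hypothetical, and the 700/600 modes are the conventional OpenSSH settings, assumed here rather than stated in the thread.

```shell
#!/bin/sh
# Added example, not ISPConfig code. The layout <jail>/home/<user>/.ssh is
# taken from the fix proposed above; function names are hypothetical and the
# 700/600 modes are an assumption (conventional OpenSSH settings).

# fix_ssh_owner JAIL USER GROUP: hand only the user's .ssh to the user.
fix_ssh_owner() {
    jail=$1 user=$2 group=$3
    # Reject names that could leave the home path or be parsed as options.
    case "$user" in ''|-*|*/*|*..*) echo "bad user name" >&2; return 2 ;; esac
    sshdir="$jail/home/$user/.ssh"
    # Refuse a missing or symlinked .ssh so chown cannot touch a link target.
    if [ ! -d "$sshdir" ] || [ -L "$sshdir" ]; then
        echo "no usable .ssh in $jail/home/$user" >&2; return 1
    fi
    chown -R -- "$user:$group" "$sshdir" || return 1
    chmod 700 "$sshdir" || return 1
    [ ! -f "$sshdir/authorized_keys" ] || chmod 600 "$sshdir/authorized_keys"
}

# jail_entries_not_owned_by JAIL USER [OWNER]: print every jail entry outside
# the user's home whose owner is not OWNER (default root). A jail-wide
# chown -R to the shell user would list the whole jail here.
jail_entries_not_owned_by() {
    find "$1" -path "$1/home/$2" -prune -o ! -user "${3:-root}" -print
}

# Constructed demo on a throwaway tree, using the invoking uid/gid so that it
# runs without root; on a real server USER/GROUP would be puser/pgroup.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/home/$(id -u)/.ssh"
    : > "$d/etc/passwd"; : > "$d/home/$(id -u)/.ssh/authorized_keys"
    fix_ssh_owner "$d" "$(id -u)" "$(id -g)" &&
        jail_entries_not_owned_by "$d" "$(id -u)" "$(id -u)"
    rc=$?; rm -rf "$d"; return $rc
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Running `jail_entries_not_owned_by` before and after a change gives a quick regression check that the ownership fix stayed inside `.ssh`.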
     
