Cannot execute /usr/sbin/jk_chrootsh: No such file or directory

Discussion in 'Installation/Configuration' started by jaypabs, Jun 14, 2013.

  1. jaypabs

    jaypabs Member

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    jailkit seems to be not installed. Please redo the jailkit installation steps from the tutorial.
     
  3. jaypabs

    jaypabs Member

    I reinstalled it again but now nothing happens when I login:

    Code:
    root@philartist:/home# su - rolanit
    root@philartist:/home#
    
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to login from external with ssh. Beside that, the jail is most likely broken as jailkit was not installed correctly at the time you created the website, so it might be nescssary to delete the website in ispconfig and then create the site and ssh user again.
     
  5. jaypabs

    jaypabs Member

    I have already deleted the website. But still the user can browse outside his directory.

     
  6. jaypabs

    jaypabs Member

    I have also noticed, that there's no directory created under /home. Supposed to be it should /home/rolanit. As the configuration of jailkit under "Jailkit chroot home" the value is /home/[username].

    I'm wondering also because when I login to the chrooted account, I was redirected to /var/www/clients/client1/web1, which is correct. But why the value of "Jailkit chroot home" is "/home/[username".


     
  7. jaypabs

    jaypabs Member

    I just found out that I cannot see the directory of other users, but including the files of the logged in user. When I logged in, I was redirected to /home/rolanit. And I can't find any files in there.
     
  8. jaypabs

    jaypabs Member

  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Are you sure that you can go outside of this directory? In the jail, there are copies of directories like /home and /usr, so the jail looks very similar to a real / directory.
     
  10. ItsDom

    ItsDom New Member

    Look in your /etc/passwd file and find out what shell the web user is loading - somewhere near the end, it should say something along the lines of:

    Code:
    web31:x:5004:5006::/path/to/clients/client27/web31/./home/shellusername:/usr/sbin/jk_chrootsh
    The key part there is the last bit /usr/sbin/jk_chrootsh which dictates what shell the user is presented with when they login. If it's not setup correctly, it will probably say /bin/bash or similar which basically means it's loading the normal unrestricted shell.

    Regarding the "Jailkit Chroot Home" folder, I think that is the home folder INSIDE the chroot jail that the shell user will be taken to when they first login.

    Also, turn on debugging then delete and recreate the client, the website, and the shell user. Then look in the logs and see if there are any errors when creating the jail.
     
  11. jaypabs

    jaypabs Member

    Thanks for the reply.

    Here's the line in /etc/passwd:

    web5:x:5004:5005::/var/www/clients/client1/web5/./home/jaypabs_qn:/usr/sbin/jk_chrootsh
    jaypabs_qn:x:5004:5005::/var/www/clients/client1/web5/./home/jaypabs_qn:/usr/sbin/jk_chrootsh

    After creating a website and a shell-user I cannot login to sftp or even sshing...

    What's the problem with this? And also how can I turn on debugging? I'm really figuring out several hours ago on where can I find the error log. I tried auth.log without luck.

    Please help.
     
  12. jaypabs

    jaypabs Member

    Yes I am sure. Because after I login using sftp, I can navigate to /etc, /var and other folder.
     
  13. ItsDom

    ItsDom New Member

    To turn on debug, login as admin, go to system > server config > yourserver.domain and change "log level" to debug. Then go to monitor then show system log to view the log file through ispconfig.

    Are you SURE you can go outside the directory? jailkit makes a chroot jail. A chroot jail effectively changes what is considered as root. However, if you were to just chroot to /your/clients/folder/clientx/webx/ with just your website stuff in there, nothing would work, because as far as the shell is concerned, that's all there is, your web stuff. So even basic things like the ls commands wouldn't work because that's located in /bin/ls which the jail doesn't know about because it only knows of everything below /your/clients/clientx/webx. So what jailkit does is create a copy of all the required applications (the ones listed under "chroot jail applications") and puts them in /your/clients/folder/clientx/webx/, replicating the folder structure. (This is 1 of the reasons why if you install jailkit after creating your client or website, it wont work, as it's when the client/website is created that the chroot jail is populated by jailkit)

    So when you login to a chroot jail, you will see /etc /var, but they are not the /etc or /var that your whole system uses, they are a copy, located in /your/clients/folder/clientx/webx

    One way to demonstrate this: log in as root, go to /etc and create a blank file with a notable name "imaGLOBALtestfile" or something, then navigate to /path/to/your/clients/clientx/webx/etc and create another blank file with a different notable file, e.g. "imaJAILEDtestfile". Now, connect via SSH, and login with your jailed user. Go to the /etc and see which file you can see. If you see "imaJAILEDtestfile" then jailkit is setup and working fine.

    The /etc and /var things visible in the jail shouldn't be able to actually be used or modified when logged in as the jailed user (as their typically root:root) But even if somehow they could be modified or tampered with, it wouldn't affect anything outside of the jail anyway, because it's just a copy of the system stuff used only in that jail.
     
  14. jaypabs

    jaypabs Member

    Thanks for the reply. It seems it is working fine now, except that it creates another /home folder inside the /var/www/clients/client3/web2 folder like: /var/www/clients/client3/web2/home/web2.

    Is it possible to iliminate the creation of a home folder and make the "/var/www/clients/clientx/webx/" as the home folder?
     
  15. ItsDom

    ItsDom New Member

    Try changing the "jailkit chroot home" to "/"
     
  16. jaypabs

    jaypabs Member

    Thanks. That's what I am looking for. It should not create another home under the webX folder as it is unnecessary.

    I hope ISPConfig will remove /home/[username] in the next update.
     
  17. jaypabs

    jaypabs Member

    BTW, how to remove this autogenerated home folder inside the webx folder?

    It's saying permission denied.:

    root@server:/var/www/clients/client3/web2# rm -rf home
    rm: cannot remove `home': Permission denied
    root@server:/var/www/clients/client3/web2#
     
  18. tiemnethcm01

    tiemnethcm01 New Member

    Ôi B?n th?t sáng t?o

    th?c t? vô cùng
     

Share This Page