chroot SSH Session Has Empty Directories

Discussion in 'General' started by GoremanX, Apr 17, 2010.

  1. GoremanX

    GoremanX New Member

    I've got ISPConfig 3.0.2.1 successfully running on Ubuntu 9.10. Everything seems to be working well, except for one thing. When a user logs into his site using SSH, everything seems to work right, but the directories are empty. The user gets logged into /home/[USERNAME]xxx and the filesystem looks as follows:

    Code:
    /home/web1
    /home/[USERNAME]xxx
    /home/[USERNAME]xxx/.bash_history
    /home/[USERNAME]xxx/.cache
    /home/[USERNAME]xxx/.cache/motd.legal-displayed
    
    That's all, nothing else. On the other hand, when the user logs in via ftp, everything that should be there is displayed. (bin, cgi-bin, dev, etc, web site contents, so on, so forth).
     
    Last edited: Apr 17, 2010
  2. GoremanX

    GoremanX New Member

    Immediately after my post above, I tried disabling the jailkit chroot option. Now everything works as expected, except of course that the user is no longer chrooted and that sucks.
     
    Last edited: Apr 17, 2010
  3. GoremanX

    GoremanX New Member

    hello? Little help? This was over a week ago...
     
  4. mike_p

    mike_p Member

    What are the permissions for, say, bin and dev compared with .cache? (i.e. run ls -la on the user's home account when logged in via ssh as root)

    I'm using CentOS so things may be a bit different: I'm a bit surprised that the ssh access puts him into /home/web1. I thought the default for ISPConfig was for user to have his home directory in /var/www/web1.
    Have you changed the default address for client accounts?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    That's fine. There is nothing more in the homedir of course, as the user is in its jail. Do a:

    cd /

    to see the full filesystem.

    Logging in with FTP is something completely different: the FTP user is a virtual user and not a system user, so the FTP user is in the / directory directly after login.
     
  6. GoremanX

    GoremanX New Member

    I just tried this again with a new account. When logged in as root, ls -al gives me:

    Code:
    root# ls /var/www/fpzhosting.com/home -al
    total 4
    drwxr-x--x  5 root root      55 2010-04-26 17:06 .
    drwxr-xr-x 14 root root    4096 2010-04-26 02:33 ..
    drwxr-xr-x  2 web1 client1    6 2010-04-26 00:38 fpzhosting_1
    drwxr-xr-x  3 web1 client1   19 2010-04-26 17:06 fpzhosting_2
    drwxr-xr-x  2 web1 client1    6 2010-04-26 00:38 web1
    
    root# ls /var/www/fpzhosting.com/home/fpzhosting_2 -al
    total 0
    drwxr-xr-x 3 web1 client1 19 2010-04-26 17:06 .
    drwxr-x--x 5 root root    55 2010-04-26 17:06 ..
    drwxr-xr-x 2 web1 client1 33 2010-04-26 17:06 .cache

    When logged in as the user fpzhosting_2 (who is using jailkit), ls -al gives me:

    Code:
    fpzhosting_2:~$ ls -al
    total 0
    drwxr-xr-x 3 fpzhosting_1 client1 19 Apr 26 21:06 .
    drwxr-x--x 5 root         root    55 Apr 26 21:06 ..
    drwxr-xr-x 2 fpzhosting_1 client1 33 Apr 26 21:06 .cache

    Which of course makes no sense since the user is fpzhosting_2. Trying to ls any directory other than /home/fpzhosting_2 gives me a "Permission denied" error, even if I try to ls /home. If I log in as fpzhosting_1 (who is not using jailkit), then I end up at the /var/www/clients/client1/web1 directory and can travel through the entire directory structure of the server.

    I haven't changed anything. I got the exact same behaviour when I tried this with Ubuntu 9.10.

    As an experiment, I tried deleting all shell user accounts and re-creating the fpzhosting_1 user with Jailkit enabled... and all the web-related directories were DESTROYED! The www and cgi-bin directories (perhaps among others) are just GONE!!! WTF?!? All my hard work has been deleted! (I never left the Shell window in ISPConfig 3, according to the control panel, the site still exists)

    Code:
    root# ls /var/www/clients/client1/web1/ -al
    total 12
    drwxr-xr-x 10 root root   87 2010-04-26 17:25 .
    drwxr-xr-x  3 root root   38 2010-04-26 17:25 ..
    drwxr-xr-x  2 root root 4096 2010-04-26 17:25 bin
    drwxr-xr-x  2 root root   41 2010-04-26 17:25 dev
    drwxr-xr-x  6 root root 4096 2010-04-26 17:25 etc
    drwxr-xr-x  3 root root   17 2010-04-26 17:31 home
    drwxr-xr-x  5 root root 4096 2010-04-26 17:25 lib
    drwxrwxrwx  2 root root    6 2010-04-26 17:25 tmp
    drwxr-xr-x  6 root root   49 2010-04-26 17:25 usr
    drwxr-xr-x  3 root root   16 2010-04-26 17:25 var

    Please re-read my original post. There I gave you a complete directory listing for the ENTIRE filesystem when a user is logged in with Jailkit enabled, starting from / (there was only /home under /)

    I don't really care where I end up when I log in, it's a simple matter to switch directory when I log in. My point is there is NO directory structure visible when logged in using ssh and jailkit. The vhost directory structure does not exist.

    Not that any of this matters, if it's this easy to accidentally DELETE the entire web site, then I'm concerned about what other bugs lurk beneath the code. I have no intention of using this software on a production server if that's the case.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Not sure what you did but deleting a shell user in ispconfig does not delete any website content of course. Just tested this on my servers and it works as expected, no web content gets deleted. Only the shell user gets removed.

    So which exact ispconfig version do you use and which jailkit version? Did you follow exactly the setup guide?
     
  8. GoremanX

    GoremanX New Member

    As stated in the first post, I was using ISPConfig 3.0.2.1. I used Jailkit 2.11 (the setup guide called for 2.10, but the setup guide was written before Jailkit 2.11 was released). I followed the guide precisely, with the exception of the latest versions of Jailkit and ISPConfig.

    If ISPConfig 3 can't do that, then why did it happen? The directories are just GONE!

    And on a side note, why am I seeing this in the system log every 5 minutes?

    Code:
    Apr 26 14:35:01 domU-12-31-39-09-25-65 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
    Apr 26 14:35:01 domU-12-31-39-09-25-65 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    The jailed users are deleted by the scripts provided by jailkit and not by scripts from ispconfig. If I remember correctly, there was a bug in a jailkit version that caused a similar problem some time ago, maybe it has been reintroduced in the last version. So your problem is most likely related to the jailkit version. We can try to do some more tests if you file a bug report (http://bugtracker.ispconfig.org) about this possible incompatibility and we will contact the jailkit developer if it can be reproduced.

    Regarding your other question: The log lines are from the monitoring system, which checks every 5 minutes if all services are working correctly on the server.
     
  10. GoremanX

    GoremanX New Member

    I wish I could reproduce it, but I can't. I've tried everything and it's not happening again. All my work is just gone, and I can't figure out why... this isn't a production server (yet), so backups weren't in place until everything was set up. This is so incredibly aggravating.

    I don't see much point in filing a bug report for something I can't even reproduce. I don't know what I did to cause this. One shell account was clearly misbehaving with incorrect permissions, and removing all accounts at that point caused incorrect directories to disappear.

    One thing I do notice is that the directories that were deleted were exactly the ones that get created by ISPConfig 3 when a new site is created (before any ftp or shell users are added). A skeleton site looks like the following:

    Code:
    root# ls /var/www/clients/client1/web1 -al
    total 0
    drwxr-x--x 6 web4 client1 60 2010-04-26 19:52 .
    drwxr-xr-x 3 root root    35 2010-04-26 19:52 ..
    drwxr-x--x 2 web4 client1  6 2010-04-26 19:52 cgi-bin
    lrwxrwxrwx 1 web4 client1 36 2010-04-26 19:52 log -> /var/log/ispconfig/httpd/fpztest.com
    drwxr-x--x 2 web4 client1  6 2010-04-26 19:52 ssl
    drwxrwxrwx 2 web4 client1  6 2010-04-26 19:52 tmp
    drwx--x--- 4 web4 client1 98 2010-04-26 19:52 web

    Once a shell user is added, it looks like this:

    Code:
    root# ls /var/www/clients/client1/web1 -al
    total 8
    drwxr-xr-x 11 root root     130 2010-04-26 19:56 .
    drwxr-xr-x  3 root root      35 2010-04-26 19:52 ..
    -rwxr-xr-x  1 web4 client1    0 2010-04-26 19:56 .bash_history
    drwxr-xr-x  2 root root    4096 2010-04-26 19:56 bin
    drwxr-x--x  2 web4 client1    6 2010-04-26 19:52 cgi-bin
    drwxr-xr-x  3 root root     142 2010-04-26 19:56 etc
    drwxr-xr-x  4 root root    4096 2010-04-26 19:56 lib
    lrwxrwxrwx  1 web4 client1   36 2010-04-26 19:52 log -> /var/log/ispconfig/httpd/fpztest.com
    drwxr-x--x  2 web4 client1    6 2010-04-26 19:52 ssl
    drwxrwxrwx  2 web4 client1    6 2010-04-26 19:52 tmp
    drwxr-xr-x  4 root root      26 2010-04-26 19:56 usr
    drwxr-xr-x  3 root root      16 2010-04-26 19:56 var
    drwx--x---  4 web4 client1   98 2010-04-26 19:52 web

    And after "the incident" (immediately after I deleted all shell users and created a new one), it looked like this:

    Code:
    root# ls /var/www/clients/client1/web1/ -al
    total 12
    drwxr-xr-x 10 root root   87 2010-04-26 17:25 .
    drwxr-xr-x  3 root root   38 2010-04-26 17:25 ..
    drwxr-xr-x  2 root root 4096 2010-04-26 17:25 bin
    drwxr-xr-x  2 root root   41 2010-04-26 17:25 dev
    drwxr-xr-x  6 root root 4096 2010-04-26 17:25 etc
    drwxr-xr-x  3 root root   17 2010-04-26 17:31 home
    drwxr-xr-x  5 root root 4096 2010-04-26 17:25 lib
    drwxrwxrwx  2 root root    6 2010-04-26 17:25 tmp
    drwxr-xr-x  6 root root   49 2010-04-26 17:25 usr
    drwxr-xr-x  3 root root   16 2010-04-26 17:25 var

    Of course, it's possible that the entire contents of the /var/www/clients/client1/web1/ directory got deleted and the shell-related directories got added back when I re-created a shell user.

    Is there a log file for Jailkit somewhere?

    It's a conundrum... I absolutely need a chroot jail for ssh users, but I can't be running these kinds of risks on a production server. For the most part I like ISPConfig 3 so far, it serves our needs well. I'm not sure what to do anymore...
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    No. Except for the ispconfig cron log which contains error messages from shell commands. If you want to see in detail which actions are executed by ispconfig, you can turn on debugging under system server settings in ispconfig.
     
  12. GoremanX

    GoremanX New Member

    It did it again. Deleting the last shell user deleted the entire contents of the /var/www/clients/client2 directory (including the entire web site) with the exception of the symlink, which is now pointing nowhere. The website still shows up on the ISPConfig 3 control panel, even though it's gone. I'm using the following:

    Ubuntu 9.10 (setup exactly as per the guide)
    ISPConfig 3.0.2.1
    Jailkit 2.10 (as per the guide)

    In addition, the shell user I created was unable to log in successfully via ssh. The user connected, the system asked for a password, connection was successful, and the connection was immediately and inexplicably closed. There was no error message. This is why I deleted the shell user (and that's when everything else got deleted too).

    I deleted the web site from the control panel, re-created it, and re-created the shell user (with jailkit enabled), and now everything works fine... until the next time this happens.

    I filed a bug report, as recommended earlier.
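
An added example, not part of the thread and not ISPConfig or Jailkit code: a check to run as root before and after removing a shell user, comparing a site directory against the skeleton listing quoted in post 10 and flagging a symlink left pointing nowhere, as described in post 12. The function name `check_site_dir` and its output format are assumptions; the entry names (cgi-bin, ssl, tmp, web, log) are taken from that listing.

```shell
#!/bin/sh
# Added example (not ISPConfig/Jailkit code): audit a site directory against
# the "skeleton site" listing quoted in the thread.

# Directories the skeleton listing shows for a freshly created site.
SKELETON_DIRS="cgi-bin ssl tmp web"

# check_site_dir DIR
# Prints one finding per line; the return status is the number of findings
# (0 means every skeleton entry is present and the log symlink resolves).
check_site_dir() {
    site=$1
    findings=0
    if [ ! -d "$site" ]; then
        echo "MISSING site directory: $site"
        return 1
    fi
    for d in $SKELETON_DIRS; do
        if [ ! -d "$site/$d" ]; then
            echo "MISSING directory: $site/$d"
            findings=$((findings + 1))
        fi
    done
    # -L is true for a symlink even when its target is gone;
    # -e follows the link, so it fails on a dangling one.
    if [ ! -L "$site/log" ]; then
        echo "MISSING symlink: $site/log"
        findings=$((findings + 1))
    elif [ ! -e "$site/log" ]; then
        echo "DANGLING symlink: $site/log -> $(readlink "$site/log")"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use: pass the site directory as the first argument,
# e.g. the /var/www/clients/client1/web1 path from the listings.
if [ "$#" -gt 0 ]; then
    check_site_dir "$1"
fi
```

Running it once before the shell user is deleted and once after shows exactly which skeleton entries the deletion removed, which is the evidence a bug report needs when the problem cannot be reproduced on demand.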
     
