ISPConfig- Jailkit stoped working after Wheezy upgrade

Discussion in 'ISPConfig 3 Priority Support' started by Gherc, Jun 17, 2013.

  1. Gherc

    Gherc New Member


    Please help!
    Upgraded Debian Squeeze To Wheezy from this how to. Everything looks fine but Jailkit in ispconfig no longer working.
    I've reinstalled to latest jailkit 2.16, then reconfigured services ISPConfig with update.php .
    Created a new user with shh, new site and a new shell user.
    When trying sftp
    FileZilla drops connectin-
    Error:	Connection closed by server with exitcode 39
    Error:	Unable to connect to server
    Jun 17 12:20:31 uupis sshd[1972]: Accepted password for tests1t1 from port 63840 ssh2
    Jun 17 12:20:31 uupis sshd[1972]: pam_unix(sshd:session): session opened for user tests1t1 by (uid=0)
    Jun 17 12:20:31 uupis sshd[1974]: subsystem request for sftp by user tests1t1
    Jun 17 12:20:31 uupis jk_chrootsh[1975]: now entering jail /var/www/clients/client10/web14 for user tests1t1 (5010) with arguments -c /usr/lib/openssh/sftp-server
    Jun 17 12:20:31 uupis jk_chrootsh[1975]: abort, failed to find user 5010 in /var/www/clients/client10/web14/etc/passwd
    Jun 17 12:20:31 uupis sshd[1972]: pam_unix(sshd:session): session closed for user tests1t1
    Jun 17 12:20:33 uupis sshd[1899]: pam_unix(sshd:session): session closed for user tests1t1
    ls -l /var/www/clients/client10/web14/etc/passwd
    -rw-r--r-- 1 root root 65 17 11:43 var/www/clients/client10/web14/etc/passwd
    ISPConfig Server Config->Jailkit

    Jailkit chroot home -/home/[username]
    Jailkit chroot app sections -basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh
    Jailkit chrooted applications -/usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico
    Jailkit cron chrooted applications -/usr/bin/php /usr/bin/perl /usr/share/perl /usr/share/php
    What has gone wrong?
    Jaikit really important for my server :eek:
  2. till

    till Super Moderator

    Pleasetry to edit the file:


    and replace line:




    and check if its works then again.
  3. Gherc

    Gherc New Member

    Thank you!

    Yes it works! Now It's jailed in tests1t1 home dir.
    Is there any idea why ISPConfig creating a new shell user points the wrong directory?
    How to correct it so I would not have to edit manually for each new user?
  4. till

    till Super Moderator

    The passwd file is created by jailkit and not ispconfig if I remember correctly, but I will have to check that. If its created by ispconfig, we will release a fix.

    I tested it here in ISPConfig on debian squeeze with jailkit 2.1.14 and the path is empty but the jail works, so this path was optional till now.So the difference is either the jailkit version or a library or program for wheezy.

    Is this path set in the local passwd files of old users on your server or is it empty as in the file you posted above?
  5. Gherc

    Gherc New Member

    Yes path in the local passwd files of old users is empty like- :::/bin/bash
    The saddest story Is that I probably will not find fix by my self.. It appeared after wheeze upgrade I did not notice it at right away. Maybe I'll try to re-install Jaikit to 2.1.14 but I doubt.. since before I was also 2.1.14

    It is strange that I am the only one with this kind of problem
  6. till

    till Super Moderator

    I'll add a report in the bugtracker. I will test to update jailkit on our test servers to 2.1.16 to see if its the jailkit version that causes the problems here or if it is related to wheezy components.
  7. medo

    medo HowtoForge Supporter


    have you find a patch, because I have the exactly same problem with latest ISPConfig and a wheezy with latest updates ?
    when I change the login path on the chrooted passwd file, it works well.

    Debian 7.8
    JailKit 2.17

    Thank you!
  8. till

    till Super Moderator

    All current jailkit versions are fully supported in ISPConfig incl. Jailkit 2.17. I use that here on my servers as well, works fine.

Share This Page