Name resolution not working for jailkit chrooted users

Discussion in 'Installation/Configuration' started by user99, Jul 12, 2011.

  1. user99

    user99 New Member

    I followed the "Perfect Server" installation for Ubuntu 11.04 and ISPConfig 3.
    When using shell as generic linux user or sudo, name resolution works perfectly.

    Inside a chrooted environment, name resolution fails.

    Here's what I did:

    I created a client, and a site. (No reseller is used in my case).
    I gave the client a chrooted shell.
    The client user can login to the shell, but cannot get name resolution from the shell using any of the available tools:

    ping: unknown host

    ping with ip address works fine, of course.

    More details:
    chrooted /etc/resolv.conf contains:
    search (my local domain here)

    The chrooted user can read from resolv.conf
    It is identical to the root version.

    /bin/ping does have required suid:
    ls -la /bin/ping
    -rwsr-xr-x 1 0 0 35680 Nov 15 2010 /bin/ping

    As far as the settings in ISPConfig's panel for jailkit, these are still set to default values:

    Jailkit chroot app sections:
    basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh

    Jailkit chrooted applications:
    /usr/bin/groups /usr/bin/id /usr/bin/dircolors /usr/bin/lesspipe /usr/bin/basename /usr/bin/dirname /usr/bin/nano /usr/bin/pico

    I copied dig and nslookup into the chrooted environment, and both work.

    Other info:
    This server functions as Web and Mail server only. All other services (including DNS server) are disabled. Mail seems to be working perfectly. I haven't tested the web server yet.

    Has anyone else run into this issue?
    Any ideas on what might be causing the problem?

    Last edited: Jul 12, 2011
  2. user99

    user99 New Member

    never mind

    I figured it out. Works fine now.
  3. Ghostdare

    Ghostdare Member

    Post your resolution here... if somebody end the same as you, to know how to resolve it.
  4. ispconfig-user

    ispconfig-user New Member

    Here's the fix.

    Copy these two libraries into their respective locations for the client sites, as follows:

    cp /lib/x86_64-linux-gnu/ /var/www/clients/client#/web#/lib/x86_64-linux-gnu/
    cp /lib/x86_64-linux-gnu/ /var/www/clients/client#/web#/lib/x86_64-linux-gnu/

    (NOTE: The location of these files may vary depending upon your distribution, but the names of the libraries will be the same. You can use strace with ping to find out where it's looking for them.)

    There are a lot of useful command line tools that are missing from the default client jail, such as ping, wget, dig, nslookup, etc. Not sure why these were left out. Maybe I did something wrong during the installation.


Share This Page