problem creating jailed shell users

Discussion in 'General' started by tspau, Jul 18, 2011.

  1. tspau

    tspau New Member

    Hello,

    I have ISPConfig 3 installed following the guide at:

    http://www.howtoforge.com/perfect-server-debian-lenny-ispconfig3

    I have set up in a client:

    Max. number of Shell users: 5
    SSH-Chroot Options: Jailkit

    and then I've created a shell user for this client, setting:

    Chroot Shell: Jailkit

    but I can't access the shell with that user, and in my /etc/passwd I've got:

    testshell:x:5030:5029::/var/www/clients/client32/web62/./home/testshell:/bin/false

    Why is the shell configured as /bin/false? Did I do something wrong?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    It may take a few minutes until the shell user gets created and activated. Please check the jobqueue in the monitor if there are any pending jobs and the syslog in the monitor for errors.
     
  3. tspau

    tspau New Member

    Hello.

    I've noticed it takes a while to create the users, but now there's nothing in the job queue, and the user is added to /etc/passwd.

    The funny thing is that it is added with a /bin/false shell:

    satsh:x:5037:5035::/var/www/clients/client49/web84/./home/satsh:/bin/false

    If I create another user without being jailed (Chroot Shell: none), it's created with a /bin/bash shell:

    satrt:x:5037:5035::/var/www/clients/client49/web84:/bin/bash

    and I can log in with this user, with access to the whole file system.
     
  4. tspau

    tspau New Member

    I have installed ISPConfig on another server, and Jailkit works fine.

    I think the only differences between the testing server and my production site are these:

    - on the production server, where Jailkit didn't work, /home is a soft link to /usr/home:

    lrwxrwxrwx 1 root root 10 abr 16 2010 home -> /usr/home/

    - on the production server, quota is not enabled (I don't have the /quota.user and /quota.group files).

    Maybe one of these differences could be the reason Jailkit fails?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You can try to debug the creation of jailed users on your server:

    1) Disable the server.sh cronjob in the root crontab.
    2) Create a new jailed SSH user in ISPConfig.
    3) Enable loglevel debug in ISPConfig under System > Server Config.
    4) Run this script as root on the shell:

    /usr/local/ispconfig/server/server.sh
     
  6. tspau

    tspau New Member

    I keep working on it:

    On my production server, when I create a jailed shell user, no jailed /bin folder is created, only an /etc folder with an empty passwd.

    I've copied the /bin and /etc from a jailed user from my testing server, editing etc/group and etc/passwd with the data of the local user.

    Also I've changed the shell of the jailed user from /bin/false to /usr/sbin/jk_chrootsh.

    When I've tried to log in, in auth.log I get:

    Jul 19 15:18:11 mysite su[11866]: Successful su for satsh by root
    Jul 19 15:18:11 mysite su[11866]: + pts/0 root:satsh
    Jul 19 15:18:11 mysite su[11866]: pam_unix(su:session): session opened for user satsh by sshuser(uid=0)
    Jul 19 15:18:11 mysite jk_chrootsh[11867]: abort, the current dir is /usr/var/www/clients/client49/web84 after chdir(/var/www/clients/client49/web84), but it should be /var/www/clients/client49/web84
    Jul 19 15:18:11 mysite su[11866]: pam_unix(su:session): session closed for user satsh

    OK, my /var is a symlink to /usr/var, so in the ISPConfig panel, under System -> Server Config -> Web, I've changed all references from /var/... to /usr/var/...

    I try to create a new user, site and shell user, but still neither the jailed /bin nor /etc is created, and in /etc/passwd the shell is still /bin/false

    :-(

    I try again to copy the bin and etc from a jail of my test server (editing /etc/group and /etc/passwd), and if I try to log in now, auth.log shows:

    Jul 19 16:09:03 mysite su[18609]: Successful su for tssatshell by root
    Jul 19 16:09:03 mysite su[18609]: + pts/1 root:tssatshell
    Jul 19 16:09:03 mysite su[18609]: pam_unix(su:session): session opened for user tssatshell by sshuser(uid=0)
    Jul 19 16:09:03 mysite jk_chrootsh[18610]: now entering jail /usr/var/www/clients/client50/web85 for user tssatshell (5037)
    Jul 19 16:09:03 mysite jk_chrootsh[18610]: ERROR: failed to execute shell /bin/bash for user tssatshell (5037), check the permissions and libraries of /usr/var/www/clients/client50/web85//bin/bash
    Jul 19 16:09:03 mysite su[18609]: pam_unix(su:session): session closed for user tssatshell

    Any help?
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Please do what I suggested to you in #5 if you want to debug the problem.

    I guess the problem is that /var/www is a symlink to /usr/var/www (and not only /home as you mentioned above), which is a security breach for jailkit, so jailkit disables the user.

    I recommend that you reinstall the server if you want to use jailkit so that /var/www and /home/www are no symlinks; they have to be real directories or partitions. As an alternative you can try to mount /var/www instead of using a symlink.
     
    Last edited: Jul 19, 2011
  8. tspau

    tspau New Member

    Hello,

    I don't understand where I have to disable the cronjob server.sh; it's not in my cron.d :confused:

    Running that script (without disabling the cronjob) only shows:

    19.07.2011-16:24 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    19.07.2011-16:24 - DEBUG - No Updated records found, starting only the core.
    19.07.2011-16:24 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    The root crontab can be edited with the command:

    crontab -e
     
  10. tspau

    tspau New Member

    Hello.

    This is the output:
    # /usr/local/ispconfig/server/server.sh
    25.07.2011-16:09 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    25.07.2011-16:09 - DEBUG - Found 1 changes, starting update process.
    25.07.2011-16:09 - DEBUG - Call function 'insert' in plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
    25.07.2011-16:09 - DEBUG - Executed command: useradd -d /usr/var/www/clients/client50/web85 -g client50 -o -p \$1\$98v/TGom\$qbB.4U/S2CwJwjFe4hKYn0 -s /bin/bash -u 5037 tssatxell
    25.07.2011-16:09 - DEBUG - Added shelluser: tssatxell
    25.07.2011-16:09 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L tssatxell
    25.07.2011-16:09 - DEBUG - Call function 'insert' in plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
    25.07.2011-16:09 - DEBUG - exec: chmod 755 /usr/var/www/clients/client50/web85
    25.07.2011-16:09 - DEBUG - exec: chown root:root /usr/var/www/clients/client50/web85
    usermod: sin cambios
    25.07.2011-16:09 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh tssatxell /usr/var/www/clients/client50/web85 /home/tssatxell /bin/bash web85 /home/web85
    25.07.2011-16:09 - DEBUG - Added created jailkit user home in : /usr/var/www/clients/client50/web85/home/tssatxell
    25.07.2011-16:09 - DEBUG - Added created jailkit parent user home in : /usr/var/www/clients/client50/web85/home/web85
    25.07.2011-16:09 - DEBUG - exec: chmod 755 /usr/var/www/clients/client50/web85
    25.07.2011-16:09 - DEBUG - exec: chown root:root /usr/var/www/clients/client50/web85
    25.07.2011-16:09 - DEBUG - Jailkit Plugin -> insert username:tssatxell
    25.07.2011-16:09 - DEBUG - Processed datalog_id 2054
    25.07.2011-16:09 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    finished.

    And now in /etc/passwd:

    tssatxell:x:5037:5036::/usr/var/www/clients/client50/web85/./home/tssatxell:/usr/sbin/jk_chrootsh

    But if I run su tssatxell it doesn't log in, and in /var/log/auth.log:

    Jul 25 16:12:27 myserver su[4295]: Successful su for tssatxell by root
    Jul 25 16:12:27 myserver su[4295]: + pts/0 root:tssatxell
    Jul 25 16:12:27 myserver su[4295]: pam_unix(su:session): session opened for user tssatxell by sshuser(uid=0)
    Jul 25 16:12:27 myserver jk_chrootsh[4296]: now entering jail /usr/var/www/clients/client50/web85 for user tssatxell (5037)
    Jul 25 16:12:27 myserver jk_chrootsh[4296]: ERROR: failed to execute shell /bin/bash for user tssatxell (5037), check the permissions and libraries of /usr/var/www/clients/client50/web85//bin/bash
    Jul 25 16:12:27 myserver su[4295]: pam_unix(su:session): session closed for user tssatxell
     
  11. tspau

    tspau New Member

    Hello.

    If I try to run jk_init from the shell, I get this error:

    # jk_init -v -j /usr/var/www/clients/client6/web8 basicshell
    ERROR: /usr/var/www/clients/client6/web8 is not owned by root:root!

    ERROR: jail directory basicshell is not safe

    Usage: /usr/sbin/jk_init [OPTIONS]
    Usage: /usr/sbin/jk_init [OPTIONS] -j jaildir sections...

    -h --help : this help screen
    -c, --configfile=FILE : specify configfile location
    -l, --list : list all available sections in the configfile
    -j, --jail= : specify the jail to use.
    For backwards compatibility, if no jail is specified, the first
    argument after the options will be used as jail
    -v, --verbose : show what is being done
    -f, --force : force overwriting of existing files
    -k, --hardlink : use hardlinks if possible

    Would it work if I copy the content of /usr/var to a new disk and mount it through fstab, so /var is a mount point, not a symlink?

    Thanks!
     
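    A pre-flight check for the conditions this thread keeps hitting, added here as an example and not part of ISPConfig or jailkit: given the jail path ISPConfig hands to jk_chrootsh, it reports whether the path goes through a symlink (the "abort, the current dir is /usr/var/..." line in #6), whether the jail root is root-owned and not group/other writable (the two jk_init errors in #11), and whether the shell actually exists inside the jail (the "failed to execute shell" line in #10). The function name jail_check and the OWNER_UID argument are my own.

```shell
# jail_check: pre-flight check for a jailkit jail directory such as
# /var/www/clients/clientN/webM. Constructed example, not part of ISPConfig
# or jailkit; it tests the conditions behind the thread's error messages.
# usage: jail_check JAILDIR [SHELL] [OWNER_UID]  -> 0 if all checks pass
#   OWNER_UID defaults to 0 (root); overridable only to run the checks
#   without root privileges.
jail_check() {
    jail=$1; shell=${2:-/bin/bash}; want_uid=${3:-0}; rc=0
    if [ ! -d "$jail" ]; then
        echo "FAIL: $jail is not a directory"; return 1
    fi
    # 1. No symlink in the path: jk_chrootsh compares the cwd after chdir()
    #    with the configured jail and aborts on mismatch ("abort, the
    #    current dir is /usr/var/... but it should be /var/...").
    real=$(cd "$jail" && pwd -P)
    if [ "$real" != "$jail" ]; then
        echo "FAIL: $jail resolves to $real (symlink in path)"; rc=1
    fi
    # 2. Jail root owned by root (jk_init: "is not owned by root:root!").
    uid=$(stat -c %u "$jail")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $jail is owned by uid $uid, expected $want_uid"; rc=1
    fi
    # 3. Jail root not group/other writable (jk_init: "jail directory ...
    #    is not safe"); ISPConfig chmods it to 755.
    mode=$(stat -c %a "$jail")
    case "$mode" in
        *[2367]?|*[2367])
            echo "FAIL: $jail mode $mode is group/other writable"; rc=1 ;;
    esac
    # 4. Login shell present and executable inside the jail, otherwise
    #    jk_chrootsh logs "failed to execute shell /bin/bash ...".
    if [ ! -x "$jail$shell" ]; then
        echo "FAIL: $jail$shell is missing or not executable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $jail passes the jailkit preconditions"
    return "$rc"
}
```

    Run it as root with the exact path from /etc/passwd (for example `jail_check /usr/var/www/clients/client50/web85`); a FAIL on check 1 means the symlink has to be replaced by a real directory or a mount, as till suggests, before jailkit will enter the jail.
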
  12. andrercmeira

    andrercmeira New Member

    I have the same problem; I tried chown on bin, etc, var, dev, usr in /var/www/clients/client1/web1/

    but it has no effect, the user continues without chroot...
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem discussed in this thread is that a jailed user cannot log in; according to your other thread, your problem is that the shell user is not jailed. So I guess your problem is not related to this thread here.

    You can check that in /etc/passwd: if the shell of the jailed user is /bin/false, then your problem might be related to this. If the shell is not /bin/false, then you have a different problem.

    Please do not post to other threads if you have already opened a thread for your problem.
     