Hi all!

Apparently the chrooted SSH users are not able to log on. I'm using Debian GNU/Linux Jessie (8.5) with Jailkit 2.19.

When reviewing /var/log/auth.log at the time that the users try to connect via SSH, something like the following is logged:

Code:
    Jun 27 15:37:57 ispconfig jk_chrootsh[19240]: path /var/www/clients/client1/web7/bin/ is group writable
    Jun 27 15:37:57 ispconfig jk_chrootsh[19240]: abort, /var/www/clients/client1/web7 is not a safe jail, check ownership and permissions.

Adding the following to /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh solves the problem:

Code:
    chmod g-w "$CHROOT_HOMEDIR/bin"

This was mentioned in issue #3569 on May 20, 2015, although it seems that it is not yet implemented in the stable release.

Kind regards,
Daniel
That's a bug in Debian or Jailkit which has been introduced in the latest Debian or Jailkit version, as it works fine in older versions of the OS and Jailkit and also fine on other OSes. Jailkit just copies the permissions that Debian has set as default for /bin, which are now wrong according to the jailkit shell. I hoped that Debian or Jailkit would fix this, but as this does not seem to be the case, we will have to add a workaround for that.
Hi, Till. Thanks for your reply.

There seems to be a difference in the permissions for stable compared to oldstable:

Code:
    root@pfc:~# cat /etc/debian_version
    7.10
    root@pfc:~# ls -ld /bin/
    drwxr-xr-x 2 root root 4096 mar 6 16:14 /bin/

Code:
    root@ispconfig:/var/www/clients/client1/web11# cat /etc/debian_version
    8.5
    root@ispconfig:/var/www/clients/client1/web11# ls -ld /bin/
    drwxrwxr-x 2 root root 4096 Jun 9 16:20 /bin/
    root@ispconfig:/var/www/clients/client1/web11# ls -ld ./bin/
    drwxr-xr-x 2 root root 4096 Jun 28 15:37 ./bin/

Although I'm not sure why the Debian developers made this change or if it is a bug that should be reported.

Kind regards,
Daniel
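
An added example, not part of the posts above and not ISPConfig or Jailkit code: a script that checks jails that already exist for the group-writable condition jk_chrootsh logged, and optionally applies the `chmod g-w` workaround from the first post. The function names, the `MODE` variable and every entry in `JAIL_SUBDIRS` other than `bin` are assumptions; it checks only the group write bit, not ownership.

```shell
#!/bin/sh
# Usage: sh audit_jails.sh /var/www/clients/client*/web*        (report only)
#        MODE=fix sh audit_jails.sh /var/www/clients/client*/web*

# Directories inside each jail to inspect. Only "bin" comes from the thread;
# the rest are an assumption (system directories commonly copied into a jail).
JAIL_SUBDIRS="${JAIL_SUBDIRS:-bin sbin lib lib64 usr etc}"

# Print each existing directory from JAIL_SUBDIRS under jail $1 that has
# the group write bit set. Symlinks are skipped so only real jail
# directories are examined (and later chmod'ed).
group_writable_dirs() {
    jail=$1
    for sub in $JAIL_SUBDIRS; do
        dir="$jail/$sub"
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        # -prune: test the directory itself, do not descend into it
        find "$dir" -prune -perm -020 -print
    done
}

# Audit jail $1. Mode "report" (default) only lists offending directories;
# mode "fix" removes the group write bit, as the workaround in the thread does.
# Returns 0 when nothing is group writable afterwards, 1 otherwise.
audit_jail() {
    jail=$1 mode=${2:-report}
    bad=$(group_writable_dirs "$jail")
    [ -z "$bad" ] && return 0
    echo "$bad" | while IFS= read -r dir; do
        if [ "$mode" = fix ]; then
            chmod g-w "$dir" && echo "fixed: $dir"
        else
            echo "group writable: $dir"
        fi
    done
    [ "$mode" = fix ] && [ -z "$(group_writable_dirs "$jail")" ]
}

# Walk every jail path given on the command line.
for j in "$@"; do
    [ -d "$j" ] || continue
    audit_jail "$j" "${MODE:-report}" || echo "unsafe jail: $j"
done
```
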