Upgrade to 3.2 jailkit error

Discussion in 'General' started by areyescer, Oct 22, 2020.

  1. areyescer

    areyescer New Member

    On Ubuntu 16.04 LTS, the upgrade to 3.2 causes:
    1. On existing sites - users:
    Oct 21 22:30:27 ubuntu1604 jk_chrootsh[31600]: ERROR: failed to execute shell /bin/bash for user USERNAME (5006), check the permissions and libraries of /var/www/clients/client3/web5//bin/bash.
    2. New user on existing sites: same error
    3. New users in new sites: OK
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Hello @areyescer,

    Can you gather a little debug info for this? First, simply run `ldd /var/www/clients/client3/web5//bin/bash` and see what it says, probably libraries not found.

    Then ensure you have an up to date /etc/jailkit/jk_init.ini (you should unless you have a conf-custom template which overrides it).

    Set the log level to Debug in your server config (for the web server node, if this is multi-server), and comment the server.sh and cron.sh cronjobs so they don't run (and restore them again after your testing).

    Then copy the 'Jailkit chrooted applications' setting from your Server Config (under Jailkit tab) to the website's 'Jailkit chrooted applications' setting (under the site Options tab) and make some change to it, eg. add /bin/true to the end.

    Then on the webserver as root, run /usr/local/ispconfig/server/server.sh and it will attempt to update/rebuild your jail - it may or may not have errors, but paste the output (or maybe save and attach as a .txt file?) here, then test the jail again.
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What does this command show?
    Code:
    ls -lh /var/www/clients/client3/web5//bin/
     
  4. areyescer

    areyescer New Member

    1. Run ldd /var/www/clients/client3/web5//bin/bash: all libraries are OK (see ldd.txt)
    2. /etc/jailkit/jk_init.ini is up to date (view jk_init.txt)
    3. Log level to Debug and comment cronjobs: OK
    4. Copy the 'Jailkit chrooted applications' setting from your Server: OK
    5. Run /usr/local/ispconfig/server/server.sh: view server.txt
    6. Login in jail run /usr/local/ispconfig/server/server.sh : WORKS.
     

  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    That jk_init.ini is bad, it contains a known error (two includesections in [openvpn]) and is not current from the 3.2 installation source. See if you have a /usr/local/ispconfig/server/conf-custom/install/jk_init.ini.master and rename it if so, then reinstall 3.2 and reconfigure services again.

    Other than that, I'm glad triggering the jail to rebuild worked. Hopefully you find a jk_init.ini.master, as otherwise I have no idea why your jk_init.ini didn't update.
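
Added example, not part of the thread and not ISPConfig's or jailkit's own code: the error described in the post above is a key repeated within one section of jk_init.ini, and this shell function reports such repeats with their line numbers. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list keys defined more than once inside a single section of
# a jailkit-style INI file (for instance /etc/jailkit/jk_init.ini).
# Output format: "<section>: <key> (lines <first>, <repeat>)".
find_duplicate_keys() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*$/    { next }                 # skip blank lines
        /^[ \t]*\[/ {                          # section header: remember its name
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        index($0, "=") > 0 {                   # key = value line
            key = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (key == "") next
            id = section SUBSEP key            # the same key in another section is fine
            if (id in first)
                printf "%s: %s (lines %d, %d)\n", section, key, first[id], NR
            else
                first[id] = NR
        }
    ' "$1"
}

# Constructed sample input, not the real ISPConfig template.
write_sample_ini() {
    cat > "$1" <<'EOF'
[uidbasics]
comment = constructed example section
paths = /etc/passwd, /etc/group

[openvpn]
comment = constructed example section
paths = /usr/sbin/openvpn
includesections = netbasics
includesections = uidbasics

[netbasics]
paths = /etc/resolv.conf
EOF
}

sample=$(mktemp)
write_sample_ini "$sample"
find_duplicate_keys "$sample"
rm -f "$sample"
```

Run against the live file with `find_duplicate_keys /etc/jailkit/jk_init.ini`; no output means no key is repeated within a section.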
     
  6. areyescer

    areyescer New Member

    Thanks for your reply:
    There is no jk_init.ini.master in my installation.
    1.- I've replaced the existing /etc/webkit/jk_init.ini with the content of "git.ispconfig.org/ispconfig/ispconfig3/-/raw/develop/install/tpl/jk_init.ini.master"
    2.- I've reinstalled version 3.2 and reconfigured all services, but the same procedure performed before must be repeated for all previously existing sites in order for jailkit to work.

    Note:
    Running /usr/local/ispconfig/server/server.sh adds two lines to /etc/postfix/main.cf (my main.cf was modified after the upgrade a.) to re-enable TLSv1, because I have many clients with Outlook 2007/2010, and b.) to use restriction classes support) that make postfix fail:
    23.10.2020-16:17 - DEBUG - safe_exec cmd: postconf -e 'smtpd_client_restrictions = ' - return code: 0
    23.10.2020-16:17 - DEBUG - safe_exec cmd: postconf -e 'smtpd_helo_restrictions = Array, Array' - return code: 0
     
  7. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You should remove the "Array" entries from smtpd_helo_restrictions.

    @Jesse Norell this is the second user with this "array array" issue. Any idea where it might come from?
     
  8. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    I'll try to take a look at it Monday.
     
  9. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5872 is to track this, I don't see any obvious cause of the problem, so probably have to track down more info to see how to reproduce. In particular, OS version, ISPConfig version being updated from, the previous smtpd_helo_restrictions line, and if this happens immediately upon upgrading (hence caused by the installer) or after changing server config (caused by server plugin).
     
  10. buhler

    buhler Member

    This procedure did not work for me.
     