blank passwd in jail directory

Discussion in 'Developers' Forum' started by Paulo69, Oct 26, 2017.

  1. Paulo69

    Paulo69 New Member

    Hi, I have a weird bug when creating a shell-user. The passwd file in the jail directory is created but remains blank.

    Using ISPConfig 3.1.7p1 and JailKit 2.19 on Ubuntu xenial 16.04.3 LTS.
    Debug log of the shell-user process :

    25.10.2017-16:41 - DEBUG - Calling function 'insert' from plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
    25.10.2017-16:41 - DEBUG - Executed command: useradd -d /var/www/clients/client1/web6 -g client1 -o -p \$1\$a6SwxFTa\$Vrsz8migQ/bvAkNu6CNU71 -s /bin/bash -u 1003 usertest
    25.10.2017-16:41 - DEBUG - Added shelluser: usertest
    25.10.2017-16:41 - DEBUG - ssh-rsa setup shelluser_base
    25.10.2017-16:41 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client1/web6/.ssh/authorized_keys
    25.10.2017-16:41 - DEBUG - ssh-rsa key updated in /var/www/clients/client1/web6/.ssh/authorized_keys
    25.10.2017-16:41 - DEBUG - Disabling shelluser temporarily: usermod -s /bin/false -L usertest 2>/dev/null
    25.10.2017-16:41 - DEBUG - Calling function 'insert' from plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
    25.10.2017-16:41 - DEBUG - Added jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh /var/www/clients/client1/web6 'basicshell editors extendedshell netutils ssh sftp scp groups jk_lsh'
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/groups
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/id
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/dircolors
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/lesspipe
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/basename
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/dirname
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/pico
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/mysql
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/mysqldump
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/git
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/git-receive-pack
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/git-upload-pack
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /bin/tar
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /bin/rm
    25.10.2017-16:41 - DEBUG - Added programs to jailkit chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_programs.sh /var/www/clients/client1/web6 /usr/bin/patch
    25.10.2017-16:41 - DEBUG - Added bashrc script: /var/www/clients/client1/web6/etc/bash.bashrc
    25.10.2017-16:41 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh usertest /var/www/clients/client1/web6 /var/www/usertest /bin/bash web6 /var/www/web6
    25.10.2017-16:41 - DEBUG - Added created jailkit user home in : /var/www/clients/client1/web6/var/www/usertest
    25.10.2017-16:41 - DEBUG - Added jailkit parent user home in : /var/www/clients/client1/web6/var/www/web6
    25.10.2017-16:41 - DEBUG - ssh-rsa setup shelluser_jailkit
    25.10.2017-16:41 - DEBUG - ssh-rsa authorisation keyfile created in /var/www/clients/client1/web6//var/www/usertest/.ssh/authorized_keys
    25.10.2017-16:41 - DEBUG - ssh-rsa key updated in /var/www/clients/client1/web6//var/www/usertest/.ssh/authorized_keys
    25.10.2017-16:41 - DEBUG - Jailkit Plugin -> insert username:usertest
    25.10.2017-16:41 - DEBUG - Processed datalog_id 90
    25.10.2017-16:41 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
    25.10.2017-16:42 - DEBUG - Calling function 'check_phpini_changes' from plugin 'webserver_plugin' raised by action 'server_plugins_loaded'.
    25.10.2017-16:42 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock

    wc /var/www/clients/client1/web6/etc/passwd :
    0 0 0 /var/www/clients/client1/web6/etc/passwd

    tail /etc/passwd :
    <...>
    web6:x:1003:1004::/var/www/clients/client1/web6/./var/www/usertest:/usr/sbin/jk_chrootsh
    usertest:x:1003:1004::/var/www/clients/client1/web6/./var/www/usertest:/usr/sbin/jk_chrootsh


    When trying to connect to server using SFTP, I get this error : "Received unexpected end-of-file from SFTP server".

    in /var/log/auth.log :
    Oct 25 16:33:23 server sshd[22324]: Accepted password for usertest from 1.2.3.4 port 60473 ssh2
    Oct 25 16:33:23 server sshd[22324]: pam_unix(sshd:session): session opened for user usertest by (uid=0)
    Oct 25 16:33:23 server jk_chrootsh[22362]: now entering jail /var/www/clients/client1/web6 for user usertest (1003) with arguments -c /usr/lib/openssh/sftp-server
    Oct 25 16:33:23 server sshd[22324]: pam_unix(sshd:session): session closed for user usertest

    As far as I know, the passwd file in the jail directory shouldn't be empty. Any idea ?
     
    Paulo69, Oct 26, 2017
    #1
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Correct. I checked a random jail on a server and it has 2 entries, root and the single ssh user which is assigned to that jail.
    Try creating a jail manually with jk_init and see if it has the same problem; I suspect it might, and the problem would be local to the system, not anything in ispconfig. From there... see what's in your jk_init.ini ?
     
    Jesse Norell, Nov 1, 2017
    #2
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The SSH daemon authenticates against the system passwd file and not against the one within the jail and I don't see a reason to have the passwd in the jail at the moment (at least when you don't run any software in the jail that tries to authentcate against the paswd file in the jail), it might even be a security benefit to not have it there.
     
    till, Nov 2, 2017
    #3

Share This Page