Buggy home paths after update

Discussion in 'Installation/Configuration' started by tntteam, Apr 5, 2018.

  1. tntteam

    tntteam New Member

    Hi there,
    We have a problem with "shell users" since last update.

    Before, users were created using /var/www/clients/clientXXX/webXXX/web as "homedir" in /etc/passwd
    Now, they are created using /var/www/clients/clientXXX/webXXX/home/LOGIN as "homedir" in /etc/passwd

    New users works ok. Old users still did work until we did a configuration resync. ispconfig changed all the homedir attributes, and all users created before update are now buggy :

    Their "homedir" in /etc/passwd have been changed to be in the new format : /var/www/clients/clientXXX/webXXX/home/LOGIN
    But when they connect using sFTP, they end in /var/www/clients/clientXXX/webXXX/home/LOGIN folder displaying a poor ".ssh/" folder, .bash_history and .profile files, and nothing else, whereas new created users ends in /var/www/clients/clientXXX/webXXX

    I don't understand why old users ends in /home/LOGIN whereas new users are ok and both old and new users have same values in /etc/passwd now
    We are not using jailkit btw, only MySecureShell for sFTP

    I think I'm missing a configuration file somewhere that tells sFTP server "this user LOGIN have a homedir /var/www/clients/clientXXX/webXXX/home/LOGIN but when he logins show him /var/www/clients/clientXXX/webXXX/"

    Deleting and Recreating old shell users have no effect. ATM the only way out for us is to manually modify /etc/passwd for old accounts and remove the extra /home/LOGIN in homedir field and cross fingers to never need to resynchronize servers.

    Please tell me which step I need to do so old users could end in good folder when connecting to sFTP.

    Sorry for my english and thanks for your help !

    edit; (I can't post links...)

    this is related to : https :// git.ispconfig.org/ispconfig/ispconfig3/issues/3570 and https :// git.ispconfig.org/ispconfig/ispconfig3/issues/3820
    Last edited: Apr 5, 2018
  2. tntteam

    tntteam New Member

    Well, to add some informations, after issueing a service mysecureshell restart, new users also ends in /var/www/clients/clientXXX/webXXX/home/LOGIN

    This is a complete mess. :(

    How is that supposed to work when ispconfig adds an unwanted /home/LOGIN at the end of the homepath ? How sftp server can know that this is not the real homepath ?
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    The path /var/www/clients/clientXXX/webXXX/home/LOGIN is the real home path of a shell user. What you can do for easier shell navigation is to add a symlink web which points to ../../web/
  4. tntteam

    tntteam New Member

    Some debug :

    I login using sftp, I end up in the good folder /var/www/clients/client612/web816

    Using sftp-who :
    After issueing a service mysecureshell restart, I am still in the good folder /var/www/clients/client612/web816

    After some hours, days ? I will end up in /var/www/clients/client612/web816/home/testguillaume3
  5. tntteam

    tntteam New Member


    If I understand correctly, this is intended ? Did you choose to break compatibility with mysecureshell or forgot about it ?

    I do not intend to be aggressive, I'm just trying to understand.

    If I want my oold behaviour back, what should I do without breaking everything in ispconfig ?
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, the homedir of the user testguillaume3 is /var/www/clients/client612/web816/home/testguillaume3. The old behaviour was reported as a bug by many users. The web root as homedir like we used it before caused issues as this directory is not writable by the user and the homedir has to be writable by the user.

    You'll have to change the ISPConfig sourcecode.
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    I just tested sftp and it works fine here. I end up in the home dir of the user, not the web root, and I'm able to enter the web dir from there. So SFTP works fine.Like I mentioned above, if you don't want to go 2 directories down to enter the web dir, then add a symlink in the homedir which points to the web dir.
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    As a side note, a software named mysecureshell is not used by ISPConfig and is not part of ISPConfig setups. So if you are using that instead of openssh with normal shell, then there might be problems in case that mysecureeshell is not compatible with the new folder layout or you are using a custom plugin in ispconfig for mysecureeshell that needs to be adjusted to be compatible with the new ISPConfig version.
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    I did a short peek at the mysecureshell docs. What you probably need is a config file that defines vhosts for the sites, you can write such a file automatically with an ispconfig server plugin that binds itself to the website insert event.
  10. tntteam

    tntteam New Member

    THanks for your informations.

    I am familiar with PHP so I can modify the ispconfig code to include a simlink creation when creating a shell user (mysecureshell "chroot" the user into his homedir, thats why you can't go upper directory to find the so wanted web/ folder).

    What recommendation would you give me to do that ?

    I mean I could modify the shelluser_base_plugin.inc.php but next update everything will be broken. I think you put a plugins-available and plugins-enabled/ folder layout for a reason : I could write a specific module that create the simlink (better than changing everywhere the homedir is evaluated).
    Also you are right, I could make a plugin that modify the mysecureshell config to make the sftp users lands in the good folder directly.

    Could you give me some pointers about :
    - Where insert a function call when a shell user is created without modifying existing ispconfig files ? Is that even possible ? Maybe there is a logic inside ISPConfig that scans every plugin files and call specific function names of every plugin files depending on which action is currently performed ?
    - To enable a "plugin" I make a simlink inside plugin-enabled to plugins-availables or there is a smarter way ?

    I read your doc http://docs.ispconfig.org/development/interface/ but it's more focused on web interface development.


Share This Page