Not sure where I did go wrong, but I did install Jaikit (according to The Perfect Server - Debian Lenny (Debian 5.0) [ISPConfig 3] - Page 4 - step 15 - Install Jailkit) before I installed ISPconfig 3 Whatever option I try for a Shell-User (none / Jailkit / SSH CHroot), they can cd into other directorys, and read the data. Is it me who made a mistake, or does it not work on Lenny?
Jailkit works for me fine on lenny, there are no known bugs. SSH-Chroot will only work if you patch your SSH daemon like it was nescessary for ispconfig 2.
Hi Falko, I'm 100% sure that I did install it according to the howto. Also the directory /etc/jailkit and the needed files do exist, and jk_sockeetd.ini does point to the "jailed" user directory When I login with the created shell-user I get this back as prompt. Is the $USER correct, or should it say the user name? Also.. Is there an other way of checking that Jailkit is installed correct?
I've created a new domain / user, and now jailkit is working fine! The 1st domain / user that I tested it with was the main host name of the server. I guess that this was kind of mixing things up. All is working fine for the new user. However! I do still see the deleted test user accounts in "/var/clients/client1/web1/home"
Hi, I think I have a similar problem. I created a client, then a website and at least, at shell account with a Jailkit chroot. Its dir is `/var/www/clients/client1/web1`. When I login, I'm located in `/var/www/clients/client1/web1/home/[clientname]`. I can browse the whole filesystem (according to the user permissions at least). A last thing, I let the username empty because a shell login with [clientname] was fine. Could it be related? No chroot created because of no username given? PS: I've installed Jailkit before ISPConfig ;-)
Are you really sure that you can broser the complete filesystem? Please login with that user and then execute: cd / and post the output of: ls -la
Ok, the user is really not chrooted. Did you get any errors in the log files (see monitoring module) as you created the jailed user? Please try to create a different new jailed user and check if this gets jailed.
I reinstalled the whole box, created 2 accounts (with login suffix now, like [CLIENTNAME]test1 & test2) but I encounter the same issue: `cd /` brings me to the very root of the server. However I noticed whem I just connected, I'm in `/var/www/clients/client1/web1/./home/[CLIENTNAME]test1`. When I do `cd`, I'm then in `/var/www/clients/client1/web1/home/[CLIENTNAME]test1`. Does it help?
If you have a . in the path then you selected the wrong chrooting method and this explains all your problems. You have to select jailkit and not ssh chroot if your ssh daemon has not been patched for chrooting.
I have only 2 choice for Chroot Shell: None or Jailkit. I patched nothing else (I followed the install guide step by step except for the webmail and FTP server I don't want) so I'm wondering where its comes from. I'm on a Debian Lenny (5.0.1).
I investigated a little more but I find nothing. I've only installed jailkit with the configure/make/make install and nothing more. It was the version 2.7. I checked files within /etc/jailkit and the only one with a different modified date was jk_socketd.ini: In the Monitor tab of ISPConfig, I don't have anything related to Jailkit, only Fail2ban:
Looks fine so far. If I remember correctly I did my last tests with Jailkit 2.6, maybe something changed there. I will try to setup a new system in the next days to see if everything is still working. Added this to the bugtracker: http://bugtracker.ispconfig.org/index.php?do=details&task_id=716
Just wondering if this is still valid, as far as I know the latest openssh contains the patch so it is not needed anymore. Besides, I followed the how to for the perfect debian lenny webserver for ispcfg3 completely and I am not offered the chroot option only the jailkit one. besides, what is the difference in a few sentences between those two?
This is still valid. The patch in openssh is not compatible with the way the chroot was configured with the patch thatw as available before.
In fact I just saw these logs (/var/log/auth.log) after creating a user: Finally, when the user log-in, the path is good as it's the setuped one. But it's not the expected one. Hope it helps
If you use Jailkit newer then 2.5 then please install this update: http://www.howtoforge.com/forums/showthread.php?t=34555
I applied the update, reconfigured the services, switched a Shell User account from Jailkit to None then None to Jailkit and now I'm dropped in the good directory (the one of the Dir option in the Options tab of ISPConfig. If I do "cd /", I can still access the root of the server. Is it normal?