jailkit on ISP config 3.0.0.5

Discussion in 'Installation/Configuration' started by ventoh, Jul 4, 2008.

  1. ventoh

    ventoh New Member

    I have installed ISPConfig 3.0.0.5 beta on Debian Etch 4; I think this version is really good work.
    Now I want to create a chroot environment for SSH users accessing domains, so I compiled and installed jailkit. Then I created a new shell account and chose jailkit as the chroot environment. When logged in with this user I see all the directories bin cgi-bin dev etc home lib lib64 log ssl tmp usr var web, and I'm in /var/clients/client0/web1
    So it seems chroot isn't working.
    How must I set this up?
    Thanks
    Gio.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Jailkit creates these directories for the user inside /var/clients/client0/web1/, so it's normal that you see them even if you are chrooted. Have a look in the file etc/password when you are logged in with this user; does it contain all other users that you created on the system?
     
  3. ventoh

    ventoh New Member

    I am not chrooted, /etc/password contains all other users on the system, and I also have all Unix commands.

    ISPConfig has created this in the system /etc/passwd:
    web9:x:5002:5002::/var/clients/client0/web9/./home/web9:/bin/false
    master02:x:5002:5002::/var/clients/client0/web9:/bin/bash

    I tried adding ./home/web9 to master02:
    web9:x:5002:5002::/var/clients/client0/web9/./home/web9:/bin/false
    master02:x:5002:5002::/var/clients/client0/web9/./home/web9:/bin/bash

    and now it seems to be working, but I get this in the shell:
    I have no name!@miles:/home/master02$

    Any suggestions?
    Thanks.
    Gio.
     
  4. ventoh

    ventoh New Member

    I can add some info:

    1) The chrooted /var/clients/client0/webXX/etc/passwd contains only
    root:x:0:0:root:/root:/bin/bash

    2) ls -l /var/clients/client0/webXX/etc
    total 56 (cutting)
    drwxr-xr-x 2 root root 4096 Jul 4 15:28 alternatives
    -rw-r--r-- 1 root root 1337 Jul 4 15:28 bash.bashrc
    -rw-r--r-- 1 root root 10 Jul 4 15:28 group
    -rw-r--r-- 2 5006 client0 9 Aug 7 2006 host.conf
    -rw------- 2 5006 client0 61 Jul 2 18:37 hosts
    -rw-r--r-- 2 5006 client0 28 Oct 28 2006 issue
    drwxr-xr-x 2 root root 4096 Jul 4 15:28 jailkit
    -rw-r--r-- 1 root root 1997 Jul 4 15:28 ld.so.cache
    -rw-r--r-- 1 root root 32 Jul 4 15:28 passwd

    I think there is a permission problem: whatever user I add always gets UID 5006 and GID client0.

    bye.
    Gio.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    No, that's fine. All users of one website share the same UID and GID.
     
  6. ventoh

    ventoh New Member

    OK.
    Now I have manually added the correct username and group to /var/clients/client0/webXX/etc/passwd and group, so bash now recognizes my username.
    Do you think the missing ./ in /etc/passwd and the missing passwd and group in the chrooted environment are ISPConfig bugs or a jailkit bug?
    Thanks.
    bye.
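
An added example, not part of the thread and not ISPConfig or jailkit code: a check for the two symptoms found above (no `/./` jail marker in the home field of the system /etc/passwd, and the login user missing from the jail's own etc/passwd, which is what produces "I have no name!"), plus the earlier check that the jail's passwd does not list outside accounts. The accounts master03, master04 and alice and all file contents are constructed sample data.

```python
# Added example, not ISPConfig or jailkit code. Sample data below is constructed.
JAIL_MARK = "/./"                      # <jail root>/./<home inside the jail>
NO_LOGIN = {"/bin/false", "/usr/sbin/nologin"}

def parse_passwd(text):
    """Return {name: (uid, gid, home, shell)} for well-formed passwd(5) lines."""
    users = {}
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) == 7 and f[2].isdigit() and f[3].isdigit():
            users[f[0]] = (int(f[2]), int(f[3]), f[5], f[6])
    return users

def audit(system_text, jail_texts, jail_base="/var/clients/"):
    """Return sorted (user, problem) pairs for login accounts under jail_base.
    jail_texts maps a jail root to the text of <jail root>/etc/passwd."""
    system = parse_passwd(system_text)
    problems = set()
    for name, (uid, gid, home, shell) in system.items():
        if not home.startswith(jail_base) or shell in NO_LOGIN:
            continue
        if JAIL_MARK not in home:
            problems.add((name, "home has no /./ jail marker"))
            continue
        root = home.split(JAIL_MARK, 1)[0]
        inside = parse_passwd(jail_texts.get(root, ""))
        if name not in inside:
            problems.add((name, "missing from jail etc/passwd"))
        elif inside[name][:2] != (uid, gid):
            problems.add((name, "uid/gid differs inside jail"))
        for other in inside:
            outside = other in system and not system[other][2].startswith(root + "/")
            if other != "root" and outside:   # account homed outside this jail
                problems.add((other, "outside account listed in jail " + root))
    return sorted(problems)

SYSTEM = """root:x:0:0:root:/root:/bin/bash
web9:x:5002:5002::/var/clients/client0/web9/./home/web9:/bin/false
master02:x:5002:5002::/var/clients/client0/web9:/bin/bash
master03:x:5002:5002::/var/clients/client0/web9/./home/master03:/bin/bash
master04:x:5002:5002::/var/clients/client0/web9/./home/master04:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
"""
JAILS = {"/var/clients/client0/web9": "root:x:0:0:root:/root:/bin/bash\n"
         "master04:x:5002:5002::/home/master04:/bin/bash\n"
         "alice:x:1000:1000::/home/alice:/bin/bash\n"}

if __name__ == "__main__":
    print(*audit(SYSTEM, JAILS), sep="\n")
```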
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    I know that the developer of the ISPConfig jailkit plugin is in contact with the jailkit developers, as jailkit had problems with users sharing the same ID. So basically it can be a jailkit or ISPConfig bug. But I did not write this plugin, so I'm not sure what the problem is. Did you install the latest jailkit version? I know that the jailkit devs wanted to fix something.
     
  8. ventoh

    ventoh New Member

    I have the latest jailkit version (2.5).
    Anyway, I tried adding a new client, domain and user and still get 5006 as UID and client0 as GID.
    How can I open an issue with the plugin developers, please?
    Thanks.
    bye
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

  10. ventoh

    ventoh New Member

    Hi, I worked on this bug and discovered this:
    1) The scripts create_jailkit_chroot.sh, create_jailkit_programs.sh and create_jailkit_user.sh seem to be working fine (started and verified manually).
    2) I added more logging to shelluser_jailkit_plugin.inc.php, checking exec's return value. It says "master25 does not exist"
    (master25 is my user, added via ISPConfig's panel).

    I think this is caused by shelluser_jailkit_plugin.inc.php being called before shelluser_base_plugin.inc.php, so the user isn't in the system yet.
    I also noticed this in the ISPConfig log:
    07.07.2008-15:13 - DEBUG - Raised event: 'shell_user_insert'
    07.07.2008-15:13 - DEBUG - Call function 'insert' in plugin 'shelluser_jailkit_plugin' raised by event 'shell_user_insert'.
    07.07.2008-15:13 - DEBUG - Added jailkit user to chroot with command: /usr/local/ispconfig/server/scripts/create_jailkit_user.sh master25 /var/clients/client0/web1 /home/master25 /bin/bash web1 /home/web1 with status user master25 does not exist

    07.07.2008-15:13 - DEBUG - Jalikit Plugin -> insert username:master25
    07.07.2008-15:13 - DEBUG - Call function 'insert' in plugin 'shelluser_base_plugin' raised by event 'shell_user_insert'.
    07.07.2008-15:13 - DEBUG - Added shelluser: master25

    I think you need to check all return values from shell commands, because I noticed another bug: when a user is deleted via the control panel while that user is logged in, it is deleted from the database (no longer in the panel) but the user is still in the system, because the exec says something like "can't delete. user it's logged".

    I noticed the function loadPlugins makes a readdir system call, which orders files by file-system creation order.
    I think that to get the right plugin load order, some type of ordering routine is needed, like alphabetical/numerical order.
    I made a little patch for the loadPlugins function.

    function loadPlugins() {
        global $app, $conf;

        // Collect the plugin file names first so they can be loaded in a fixed order.
        $arrayfile = array();
        $plugins_dir = $conf["rootpath"].$conf["fs_div"]."plugins-enabled".$conf["fs_div"];
        $app->log("Plugin directory started: $plugins_dir", LOGLEVEL_DEBUG);
        if (is_dir($plugins_dir)) {
            if ($dh = opendir($plugins_dir)) {
                while (($file = readdir($dh)) !== false) {
                    if ($file != '.' && $file != '..' && substr($file, -8, 8) == '.inc.php') {
                        array_push($arrayfile, $file);
                    }
                }
                closedir($dh);
            }
        } else {
            $app->log("Plugin directory missing: $plugins_dir", LOGLEVEL_ERROR);
        }

        // Alphabetical order: shelluser_base_plugin loads before shelluser_jailkit_plugin.
        sort($arrayfile);
        // print_r(..., true) returns the dump as a string; var_dump() prints it and returns null.
        $app->log("Plugin sorted array ".print_r($arrayfile, true), LOGLEVEL_DEBUG);
        foreach ($arrayfile as $file) {
            $app->log("Plugin found $file", LOGLEVEL_DEBUG);
            $plugin_name = substr($file, 0, -8);
            include_once($plugins_dir.$file);
            $app->log("Loading Plugin: $plugin_name", LOGLEVEL_DEBUG);
            $app->loaded_plugins[$plugin_name] = new $plugin_name;
            $app->loaded_plugins[$plugin_name]->onLoad();
        }
    }

    In this case the plugins are simply ordered (alphabetically):
    shelluser_base_plugin.inc.php
    shelluser_jailkit_plugin.inc.php

    but for future use I think something like this is preferable:
    1_shelluser_base_plugin.inc.php
    2_shelluser_jailkit_plugin.inc.php
    3_apache2_plugin.inc.php
    etc., etc.
    The installation script just needs to rename the files and symbolic links.

    Loading the plugins in the correct order makes jailkit work properly.
    Bye.
    Giovanni.
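
An added example, not part of the post and not ISPConfig code: a Python model of the ordering problem described above. Handlers run in file order and each returns an exit status that is checked; the load key reads the proposed numeric prefix as an integer, because a plain string sort places `10_` before `1_` and `2_`. The handler functions and the `10_` file name are hypothetical.

```python
# Added example: a model of the load-order bug, not ISPConfig's PHP code.
import re

PLUGIN_RE = re.compile(r"(?:(\d+)_)?(\w+)\.inc\.php")

def load_key(filename):
    """Numbered files first, by integer prefix (2_ before 10_), then by name."""
    prefix = PLUGIN_RE.fullmatch(filename).group(1)
    return (0, int(prefix), filename) if prefix else (1, 0, filename)

def load_order(dir_listing):
    """Deterministic plugin order from an unordered readdir()-style listing."""
    return sorted((f for f in dir_listing if PLUGIN_RE.fullmatch(f)), key=load_key)

# Hypothetical handlers for 'shell_user_insert'; each returns an exit status.
def base_insert(system_users, user):
    system_users.add(user)        # stands in for creating the system account
    return 0

def jailkit_insert(system_users, user):
    return 0 if user in system_users else 1   # 1: "user ... does not exist"

HANDLERS = {"shelluser_base_plugin": base_insert,
            "shelluser_jailkit_plugin": jailkit_insert}

def raise_event(plugin_files, user):
    """Run handlers in file order; report the first non-zero status."""
    system_users = set()
    for f in plugin_files:
        m = PLUGIN_RE.fullmatch(f)
        handler = HANDLERS.get(m.group(2)) if m else None
        if handler and handler(system_users, user) != 0:
            return "failed in " + m.group(2)
    return "ok"

# Constructed listings: READDIR mirrors the order seen in the thread's log.
READDIR = ["shelluser_jailkit_plugin.inc.php", "README",
           "shelluser_base_plugin.inc.php"]
PREFIXED = ["10_apache2_plugin.inc.php", "2_shelluser_jailkit_plugin.inc.php",
            "1_shelluser_base_plugin.inc.php"]

if __name__ == "__main__":
    print(raise_event(READDIR, "master25"))
    print(raise_event(load_order(READDIR), "master25"))
    print(load_order(PREFIXED))
```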
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Thanks for your findings. This bug was fixed some time ago by adding the sort part, similar to your patch. I was not aware that it was not in 3.3.5 already; I just saw that the patch was included right after the 3.0.0.5 release on June 10. At the moment there are many new patches included, so I recommend that you update your system from SVN.
     
