Jailkit Problems

Discussion in 'Developers' Forum' started by halsafar, May 4, 2012.

  1. halsafar

    halsafar New Member

    *Please move to appropriate category*

    Followed perfect server configuration on Ubuntu 12.04 every step of the way in the exact order. Everything was fine up until attempting to setup shell users in ISPConfig that are jailed.

    Making a post with some solutions as Google lacks good help in this area.

    Problem: namespace resolution and cannot scp/sftp
    - Jailed users could not perform name resolution (errors with wget for example)​

    - Jailed users could not use scp (unknown user $uid)​

    Solution to both (replace # with your client and site numbers):
    Code:
    cp /lib/x86_64-linux-gnu/libnss_* /var/www/clients/client#/web#/lib/x86_64-linux-gnu/

    Permanent solution likely involves a fix in /etc/jailkit/jk_init.ini. The paths it contains are wrong for some of the libs and it does not list all the necessary libs.​

    Problem: nano, pico "Error opening terminal: xterm"
    - likely caused because xterm libraries are missing
    - you maybe don't want xterm as your choice
    Solution:
    Still trying to fix this one​
     
  2. Steveorevo

    Steveorevo Member

    I'm wondering if I'm having the same problem. While jailkit ssh sessions work find on the command line, using any type of highlevel client simply doesn't work (MacFusion, Coda, Cyberduck, Dreamweaver, etc.).

    I suspect it is because scp is broken and this solution requires a manual for every client that gets created? Trying to find a fix...
     
  3. Steveorevo

    Steveorevo Member

    Jailkit appears to be half baked. Core libraries are missing since Ubuntu now implements the /lib/x86_64-linux-gnu subfolder. I was able to resolve this by creating aliases for select components to the sub folder. I did this prior to installing ISPConfig and it appears to have resolved my issues of scp/sftp (allowing Dreamweaver, Coda, Macfusion, clients to connect with jailkit, etc.). I'm not sure if this is the appropriate way to do this, but here is how:

    cp -s /lib/x86-linux-gnu/libnss_* /lib/
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Not at all. The jailis fully configurable. You can configure it in jailkit if you need additional software or if you want to copy additional directores when the jail is created. Please take a look at the jailkit documnetation, the available config files and options are explained there.

    http://olivier.sessink.nl/jailkit/
     
  5. Steveorevo

    Steveorevo Member

    Sorry. I should clarify; Jailkit does not work by default like it did on Ubuntu 10.04 LTS because Ubuntu's introduction of the subfolder in 12.04 LTS. While you can ssh and do something as trivial as ls, you cannot use it for SFTP, you cannot use it for commands such as scp, nor can you use it for commands like wget. No IDEs or transport programs will work with it 'out of the box'. No Netbeans, no eclipse, no Dreamweaver, Coda, PHPEd, no Cyberduck, no Macfusion, ...

    However, you can fix this by using the command above to restore symbolic links to the needed libraries to use Jailkit in the most common manner for web purposes: data i/o.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    What you did with the command above con be configured in the jailkit config files. Why do you run this command manually if you can just configure it in the jailkit config files?

    Most users use ftps with these apps (not scp or sftp), so no ssh user is required then.
     
  7. Steveorevo

    Steveorevo Member

    Hi Til,
    Thank you for responding.

    I did this for the same reason that myself, halsafar, globiws, and several others have stated in their post titles: "namespace resolution and cannot scp/sftp", and "Ubuntu Jailkit multiple problems".

    I believe we're not familiar with Jailkit like you are. :) Had we known that, we wouldn't be asking these questions or creating those post titles. You see, Falko (and yourself) often provides great insight and quality posts that work really well! So I had to improvise and provide a solution for others that just works in your absence.

    As I stated in my post, "I'm not sure if this is the appropriate way to do this, but here is how...". Now I know, thanks to your response and keen knowledge.

    Thank you very much!
     
  8. Steveorevo

    Steveorevo Member

    Thats because most users are stuck with cPanel or simply don't have access to something as simply and cool as ISPConfig!

    I prefer SFTP because it has several pros like one connection (no need for DATA ports), native support for keys, its directory listing is uniform, standard and consistent mechanism for file and directory attributes, includes operations for permissions and file locking and more functionality (used in some IDEs GUIs, etc.).
     
  9. bormoglot

    bormoglot New Member

    the same trouble, solutions do not work

    I have Ubuntu 12.04 LTS (GNU/Linux 3.2.0-27-generic x86_64) with ispconfig 3.0.4.5. Symptoms are exactly as described (ssh logins fine but no more: jailed session give no name resolution, no scp, no nothing).

    I have updated jk_init.ini with widest references
    ===================================
    [uidbasics]
    libraries = /lib/*, /lib64/*, /usr/lib/*, /lib/x86_64-linux-gnu/*

    and

    [netbasics]
    libraries = /lib/*, /lib64/*, /usr/lib/*, /lib/x86_64-linux-gnu/*
    ===================================

    But it does not help. Where to look at further?
     
  10. Steveorevo

    Steveorevo Member

    see above?
     
  11. bormoglot

    bormoglot New Member

    Do you mean copying? I have tried that first with the same result (i.e. no results).

    How can I trace what is missing for proper scp or wget functioning?
     
  12. bormoglot

    bormoglot New Member

    RTFM "jailkit" really helps. For those lazy people like me a short summary:

    Edit /etc/jailkit/jk_init.ini to change all paths to your system's correct values. Mine first two sections looks like that now:

    Code:
    [uidbasics]
    comment = common files for all jails that need user/group information
    libraries = /lib/x86_64-linux-gnu/libnsl*, /lib/x86_64-linux-gnu/libnss*
    regularfiles = /etc/nsswitch.conf, /etc/ld.so.conf
    
    [netbasics]
    comment = common files for all jails that need any internet connectivity
    libraries = /lib/x86_64-linux-gnu/libnss*
    regularfiles = /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
    Then run

    Code:
    jk_init -f -k -j /var/www/clients/client1/web1 scp
    using your own values instead of client1/web1 and scp
     
  13. The Other Air Force

    The Other Air Force New Member

    I was having the same difficulty. Thanks!

    I wonder if we could request a feature for the admin control panel to call jk_update so once I've fixed the jk_init.ini file I can tell the control panel to fix either all or just individual jails.

    For now, after fixing jk_init.ini, I just use:

    Code:
    jk_update -j /var/www/clients/clientx/webx
    and the problems I've been having go away.

    Luckily I only have a couple of jails, but I'd imagine it would be tedious if there were more. By the way, if you are using a 32-bit version of Ubuntu the directory starts with i386 not x64.

    Thanks for the help!
     
  14. till

    till Super Moderator Staff Member ISPConfig Developer

    Makes sense to add a jailkit update functionality. Please make a feature request for that in the bugtracker.
     
  15. basz

    basz New Member

    Solution to both (replace # with your client and site numbers):
    Code:
    cp /lib/x86_64-linux-gnu/libnss_* /var/www/clients/client#/web#/lib/x86_64-linux-gnu/

    So what to do if I don't have /lib/x86_64-linux-gnu/libnss_* or /lib/x86-linux-gnu/libnss_* installed?

    Permanent solution likely involves a fix in /etc/jailkit/jk_init.ini. The paths it contains are wrong for some of the libs and it does not list all the necessary libs.​

    Is this something that will solve itself from upstream by magical fairies or do I need to manually do this (and what exactly)

    So for now I use FTPS, but I rather have SFTP working too (needing an ssh account is a plus for me...)
     

Share This Page