Question about: chroot_ssh_sftp_debian_etch

Discussion in 'HOWTO-Related Questions' started by Hans, Feb 20, 2008.

  1. Hans

    Hans Moderator Moderator

    Today I've set up chroot for my Debian Etch server with ISPConfig according to: http://www.howtoforge.com/chroot_ssh_sftp_debian_etch It is my first experience with chroot.
    The setup looks easy, but I don't have the result I expect.

    I took all the steps as mentioned within the first method at point 2).
    After that I enabled $go_info["server"]["ssh_chroot"] = 1; within /home/admispconfig/ispconfig/lib/config.inc.php.
    Logged in to ISPConfig as admin and enabled SSH for the site and user.

    I logged in via Putty (SSH) with the loginname and password.
    Until now everything looks fine, but I am a little confused:

    After the login, I did not see hostname:/userdirectory$, but -bash-3.1$ instead. Maybe it's correct, but I did not expect this. I also don't know how I can verify if the user is jailed within his own homedir. When I type help, I see a lot of commands I am not familiar with.

    Can anyone tell me if what I describe is normal?
    I also want to know if it's possible to create crontabs for the user.
     
    Last edited: Feb 20, 2008
  2. topdog

    topdog Active Member

    You can verify that you are jailed by trying to escape the jail.
    Code:
    cd /
    
    I also think the prompt is changed because of the chrooting as bash possibly has no access to the directories above your home.
     
  3. Hans

    Hans Moderator Moderator

    @Topdog,
    Thanks for your reply.
    If I do a cd /, I just see /, no more.

    Actually, I don't understand:

    When I create the user testuser within ISPConfig and give testuser shell access, I can log in via Putty (SSH) indeed.
    I only see dir /, so the user seems to be jailed.

    When testuser logs in via FTP, I see all the directories of the user like:
    bin, dev, etc, lib, lib64, Maildir, usr, var & web.

    Should I not see the same when I access the server with the user account testuser if I log in via SSH?
     
  4. topdog

    topdog Active Member

    I am not sure about what directories are available in the user's home directory with the ISPConfig setup, but usually there would be no dev, lib, usr, and var.

    But if you are being chrooted by FTP you should see the same file structure, meaning if you have Maildir in your home you should see that.

    But you should not be able to go to any directory above your home, say for example /etc or /tmp or even /home.
     
  5. daveb

    daveb Member

    @Hans
    I have used chroot for a while now and that is how it looks and feels here, so I believe you are good, as I have not had any issues to date.
     
  6. Hans

    Hans Moderator Moderator

    @Topdog,
    The directories I mentioned are correct for the ISPConfig testuser.

    Well, it seems that I am jailed within the wrong place then.
    It sounds a little funny in this situation, but I hope somebody can help me out then.
    Guide me to the right location.
     
  7. topdog

    topdog Active Member

    I suspect that your user's home may be under /home and the chroot is jailing users under /home/chroot/home/; just check that out.
     
  8. Hans

    Hans Moderator Moderator

    @Daveb,
    You tell me that you have the same as I have?
    When you log in with an ISPConfig user, you don't see the user's directories like me, which are:
    bin, dev, etc, lib, lib64, Maildir, usr, var & web? Which are displayed after successfully logging in via FTP?

    @Topdog,
    You make the same conclusion as I do: probably a wrong chroot environment.
    Well, maybe I am wrong (remember this is my first time), but I took only the first step within the howto, as I mentioned above. I did NOT perform the steps to create the chroot /home/chroot environment.

    I made this conclusion because I thought ISPConfig will create the environment for the user.
    (When a new user has been added in ISPConfig with shell access).

    But my steps do not seem to be enough...
     
    Last edited: Feb 20, 2008
  9. daveb

    daveb Member

    Actually Hans, I never created a test system user using /usr/local/sbin/create_chroot_env
    so I cannot truly verify that atm. But that user, if using the tutorial, should be jailed in /home/chroot/home/testuser, and your folders in question, I believe, are in /home/chroot/etc, dev, etc.
    But when you changed ISPConfig to use chroot, it now uses /root/ispconfig/scripts/shell/create_chroot_env.sh
    from ISPConfig, not the one you created in /usr/local/sbin/, and those users should be jailed within their web folders.
     
    Last edited: Feb 20, 2008
  10. Hans

    Hans Moderator Moderator

    @Daveb,
    Thanks for your support!

    I also did NOT create the testuser as described within the howto.

    I created the user ([email protected]) with the loginname testuser, within ISPConfig!
    My question to you is: if you do the same as me, do you also only see /? Not the dirs I mentioned above?
     
  11. daveb

    daveb Member

    Hmm, my user can see dirs under shell and FTP.
    Admin User
    Code:
    -bash-3.1$ ls
    Maildir  bin  cgi-bin  dev  etc  lib  log  phptmp  ssl  user  usr  var  web
    -bash-3.1$ exit
    
    User
    Code:
    -bash-3.1$ ls
    Maildir  bin  dev  etc  lib  usr  var  web
    -bash-3.1$ exit
    
    Sorry, I should have looked before I spoke. I only used "2.1 Install The Chrooted OpenSSH" of the tutorial and then enabled it in ISPConfig.
     
    Last edited: Feb 20, 2008
  12. Hans

    Hans Moderator Moderator

    Well Daveb,

    What you see is what I expect, but I don't have that.
    Within FTP, I see what you see. In SSH I don't...
    But I restarted the ISPConfig server and now I do have the same result indeed!! :)
    Happy me, so it's working now!

    Do you know if it is possible for users (created in ISPConfig) to create cronjobs?
    That would be nice.
     
    Last edited: Feb 20, 2008
  13. daveb

    daveb Member

    That I have not tested, Hans, but glad to see it working for ya now :)
     
  14. Hans

    Hans Moderator Moderator

    Ok then, at least I am a step further now.
    I asked you about creating cron jobs because some clients want to use cronjobs to schedule some tasks for their website.
    Thanks guys for the feedback!
     
  15. daveb

    daveb Member

    Np Hans, just glad I could help a little. Btw, if cronjobs work, could you let me know, since I haven't tried that yet.
    Thanks
     
  16. daveb

    daveb Member

    Hans, I just tested crontab on my user and no, it does not work, so we need to add crontab to the chroot.
    Code:
    david:/home/david# ldd /usr/bin/crontab
            linux-gate.so.1 =>  (0xffffe000)
            libpam.so.0 => /lib/libpam.so.0 (0xb7ee8000)
            libselinux.so.1 => /lib/libselinux.so.1 (0xb7ed2000)
            libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7da1000)
            libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7d9d000)
            libsepol.so.1 => /lib/libsepol.so.1 (0xb7d5c000)
            /lib/ld-linux.so.2 (0x80000000)
    david:/home/david#
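
As an added example (not part of the post above or of the HOWTO): a shell sketch that turns `ldd` output like the listing above into the list of library files a binary needs inside a chroot, then copies them in with the same directory layout. The function names and the `JAIL BIN` argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example: work out which files a dynamically linked binary needs
# before it can run inside a chroot jail.

# Constructed sample input: the ldd output for /usr/bin/crontab quoted above.
sample_ldd() {
cat <<'EOF'
        linux-gate.so.1 =>  (0xffffe000)
        libpam.so.0 => /lib/libpam.so.0 (0xb7ee8000)
        libselinux.so.1 => /lib/libselinux.so.1 (0xb7ed2000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7da1000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7d9d000)
        libsepol.so.1 => /lib/libsepol.so.1 (0xb7d5c000)
        /lib/ld-linux.so.2 (0x80000000)
EOF
}

# Read ldd output on stdin; print each library file once, in order.
#   "name => /path (addr)"  prints /path
#   "/path (addr)"          prints /path (the dynamic loader)
#   "name =>  (addr)"       skipped: virtual DSO (linux-gate), no file on disk
#   "name => not found"     reported on stderr; function returns 1
ldd_paths() {
    awk '
        /=> not found/            { print "missing: " $1 > "/dev/stderr"; bad = 1; next }
        $2 == "=>" && $3 ~ /^\//  { if (!seen[$3]++) print $3; next }
        $1 ~ /^\//                { if (!seen[$1]++) print $1 }
        END                       { exit bad + 0 }
    '
}

# Hypothetical helper: copy BIN and its libraries under JAIL, same layout.
copy_into_jail() {
    jail=$1; bin=$2
    libs=$(ldd "$bin" | ldd_paths) || return 1
    printf '%s\n%s\n' "$bin" "$libs" | while IFS= read -r f; do
        [ -n "$f" ] || continue
        mkdir -p "$jail$(dirname "$f")" && cp -pL "$f" "$jail$f" || exit 1
    done
}

# Usage: script JAIL BIN   (with no arguments, parse the sample instead)
if [ "$#" -eq 2 ]; then copy_into_jail "$1" "$2"; else sample_ldd | ldd_paths; fi
```

Copying the binary and its libraries only lets `crontab` start inside the jail; it still writes to the cron spool directory it sees there, and a cron daemon running outside the jail reads its own spool, not the jail's copy.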
    
     
  17. Hans

    Hans Moderator Moderator

    @ Daveb,
    If the users which are created with ISPConfig are not jailed, they can simply create a cronjob with the command:
    crontab -e

    This is different for chrooted users indeed and I don't know how to do it.
    Is there an instruction available on how to do this?

    I realise that it would be great if users could create cronjobs with ISPConfig, but they can't.

    I also found this (for information only) but I don't understand it completely:
    http://www.howtoforge.com/forums/archive/index.php/t-3933.html

    If I get it working, I will let you know, of course!
     
  18. daveb

    daveb Member

    I will try to come up with something today on the test machine. I will let ya know.

    Well, I have been working for a while at this, Hans, and I am stumped for the moment.
    This is where I am and need a push haha.
    Code:
    testuser@server1:/$ crontab -e
    no crontab for testuser - using an empty one
    Error opening terminal: xterm.
    crontab: "/usr/bin/editor" exited with status 1
    
     
    Last edited: Feb 20, 2008
  19. topdog

    topdog Active Member

    Maybe you need to set the EDITOR environment variable to your editor. Something like
    Code:
    export EDITOR=vi
    
     
  20. daveb

    daveb Member

    @topdog
    That worked, thanks.
    @Hans
    Let me group it all together and reinstall, and I will give you results later today.
     
