Shell access not really secure...

Ola there,

szenario: I access my webspace via ssh. noproblem ... works fine so far....
so I did my remote work and got the idea to change the directory to the top

... just watch....

Code:

login as: web1_admin
[email protected]'s password:
Linux server1.pc1mail.de 2.6.16-xen #2 SMP Sat Jun 10 20:17:18 CEST 2006 i686 GN                                                                             U/Linux
############################

        Ubuntu Breezy

###########################
No mail.
Last login: Sun Nov 19 21:38:10 2006 from p54a4d5c6.dip.t-dialin.net

web1_admin@server1:~$ cd /

^^ why is that possible?! I think it would be better to denie that ?!

web1_admin@server1:/$ ls -lach
total 128K
drwxr-xr-x   21 root root 4.0K Nov 10 16:39 .
drwxr-xr-x   21 root root 4.0K Nov 10 16:39 ..
drwxr-xr-x    3 root root 4.0K Nov 10 16:41 ISPconfig
drwxr-xr-x    2 root root 4.0K Nov 29 22:29 bin
drwxr-xr-x    2 root root 4.0K Jun 20 01:00 boot
drwxr-xr-x   11 root root  12K Nov 30 06:25 dev
drwxr-xr-x   72 root root 4.0K Nov 29 22:29 etc
drwxr-xr-x    5 root root 4.0K Nov 10 16:24 home
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 initrd
drwxr-xr-x   16 root root 8.0K Nov 10 15:39 lib
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 media
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 mnt
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 opt
dr-xr-xr-x  109 root root    0 Nov 23 18:28 proc
-rw-------    1 root root 2.0M Nov 30 15:15 quota.group
-rw-------    1 root root 2.0M Nov 30 15:15 quota.user
drwxr-xr-x    5 root root 4.0K Nov 23 21:40 root
drwxr-xr-x    2 root root 4.0K Nov 10 16:27 sbin
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 srv
drwxr-xr-x   12 root root    0 Nov 23 18:28 sys
drwxrwxrwt    2 root root 4.0K Nov 30 18:01 tmp
drwxr-xr-x   13 root root 4.0K Nov 10 15:20 usr
drwxr-xr-x   14 root root 4.0K Nov 10 15:53 var
web1_admin@server1:/$ mkdir /tmp/blub

^^ ahhm good ... lets create some new webspace for me .... :-)

web1_admin@server1:/$ ls -lach /tmp/
total 16K
drwxrwxrwt   3 root         root         4.0K Nov 30 18:36 .
drwxr-xr-x  21 root         root         4.0K Nov 10 16:39 ..
[...]
drwxr-xr-x   2 web1_admin   web1         4.0K Nov 30 18:36 blub
[...]
web1_admin@server1:/$ln -s /tmp/blub /ISPconfig/www/web1/web/MoreSpace

I thinkit's not good to give users read/write access outside their web .. otherwise they could use a little more webspace on teh system storage ;-)

and they are also allowed to have a look in webs of other costumers and watch their "secret" folders (.htpasswd) and stuff like that.

I think the best would be to give them a shell without _all_ commands ... only what they need ... like cp, mv, rm and stuff like that ... I like to call that "PissShell" because you cannot do much with it.


Leander

 

I used this: http://www.howtoforge.com/chrooted_ssh_howto_debian and users are now chrooted on my system..

 

thx - sounds great - but did I understand it correct that I have to do this manual for _every_ new user that I create in ISPconfig? Or will all users automatically chrootet in their allready excisting home directory?!

thx for helping

Leander

;-)

 

Thet are (on my Debian system) automatically chrootet in their allready excisting home directory!

 

allright - sounds great!

.. :-/ but I tried this how to two times and I'm allways failing here:

Code:

root@server1:/home/chroot# APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
root@server1:/home/chroot# for prog in $APPS;  do
>         cp $prog ./$prog
>
>         # obtain a list of related libraries
>         ldd $prog > /dev/null
>         if [ "$?" = 0 ] ; then
>                 LIBS=`ldd $prog | awk '{ print $3 }'`
>                 for l in $LIBS; do
>                         mkdir -p ./`dirname $l` > /dev/null 2>&1
>                         cp $l ./$l
>                 done
>         fi
> done
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
cp: cannot stat `(0xbfffe000)': No such file or directory
root@server1:/home/chroot#

the script doesn't work for me ... and if I go on anyway users will not be chrootet - I allready tried ;-(

any idea?

Thx !

Leander


[edit]

P.S.

I want to remind that the OS was a debootstrabt Ubu Brezzy (before I installed ISPconfig and stuff) where nothing except the essential things where installed ... so could it be that there's something missed at?

.. I allready tried the programms:

Code:

root@server1:/home/chroot# which bash ls mkdir mv pwd rm id ssh ping dircolors
/bin/bash
/bin/ls
/bin/mkdir
/bin/mv
/bin/pwd
/bin/rm
/usr/bin/id
/usr/bin/ssh
/bin/ping
/usr/bin/dircolors
root@server1:/home/chroot#

They're all there and also working - sowhat's the matter? ;-/

Thx !

Leander

 

What's the output of

Code:

APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS;  do
         ldd $prog > /dev/null
         if [ "$?" = 0 ] ; then
                 LIBS=`ldd $prog | awk '{ print $3 }'`
                 for l in $LIBS; do
                         echo $l
                 done
         fi
 done

?

 

Thx Falko - the script seems nearly to work now - only some errors

Code:

root@server1:/home/chroot# APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
root@server1:/home/chroot# for prog in $APPS;  do
>          ldd $prog > /dev/null
>          if [ "$?" = 0 ] ; then
>                  LIBS=`ldd $prog | awk '{ print $3 }'`
>                  for l in $LIBS; do
>                          echo $l
>                  done
>          fi
>  done
(0xbfffe000)
/lib/libncurses.so.5
/lib/libdl.so.2
/lib/libc.so.6
(0xbfffe000)
/lib/librt.so.1
/lib/libacl.so.1
/lib/libc.so.6
/lib/libpthread.so.0
/lib/libattr.so.1
(0xbfffe000)
/lib/libc.so.6
(0xbfffe000)
/lib/libacl.so.1
/lib/libc.so.6
/lib/libattr.so.1
(0xbfffe000)
/lib/libc.so.6
(0xbfffe000)
/lib/libc.so.6
(0xbfffe000)
/lib/libc.so.6
(0xbfffe000)
/lib/libresolv.so.2
/usr/lib/i686/cmov/libcrypto.so.0.9.7
/lib/libutil.so.1
/usr/lib/libz.so.1
/lib/libnsl.so.1
/lib/libcrypt.so.1
/lib/libc.so.6
/lib/libdl.so.2
(0xbfffe000)
/lib/libresolv.so.2
/lib/libc.so.6
(0xbfffe000)
/lib/libc.so.6
root@server1:/home/chroot#

but if I go on in your howto and create this testuser the ssh login with it will fail... or better said - the login is ok, but the shell closes it self if I entered the password for the user and hit enter.
The login only works if I do this in a already opened shell ( if I change user from eg. admin to testuser) but even then the testuser is not chrootet ;-/

the login with the already existing ISPconfig users is still working - but nothing changed .. they can still access the root file tree and ake changes in some folders.

here is an output of the /etc/passwd after your how to - I changed nothing by myself:

Code:

testuser:x:10010:100:testuser:/home/chroot/./home/testuser:/bin/bash
web1_blub:x:10011:10001:blub:/ISPconfig/www/web1:/bin/bash

There is no A inside of it - but even if I change it to:

Code:

testuser:x:10010:100:testuser A:/home/chroot/./home/testuser:/bin/bash
web1_blub:x:10011:10001:blub A:/ISPconfig/www/web1:/bin/bash


and:
root@server1:/home/chroot# /etc/init.d/ssh restart

^^ it's still the same ;-/

I'm confuesd - what's my mistake? I guess it's still because of some errors in the script

Thx a lot!

Leander

;-)

 

What's the output of

Code:

APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS;  do
         ldd $prog > /dev/null
         if [ "$?" = 0 ] ; then
                 LIBS=`ldd $prog | awk '{ print $3 }' | grep -v "("`
                 for l in $LIBS; do
                         echo $l
                 done
         fi
 done

?

Why should there be an A?

 

Hi Falko,

thx - the script is working now!
... but I did a mistake when I executed it the last time ... I did it in the

Code:

root@server1:/#

instead of

Code:

root@server1:/home/chroot#

I hope I didn' destroy anything - if yes where do I have to delete those copied stuff?


ok so the script is working now and I went on in your howto ... but it's still not woring ... :-/ I forgot anything and because of that I read your how to min 5 times ;-) and I still didn't work it out ..

here is my actual output of my /etc/passwd all the web users should be chrooted except the root and the admin ones ...

Code:

testuser@server1:/$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
dhcp:x:101:101::/nonexistent:/bin/false
syslog:x:102:102::/home/syslog:/bin/false
klog:x:103:103::/home/klog:/bin/false
admin:x:1000:1000:Administrator,,,:/home/admin:/bin/bash
sshd:x:100:65534::/var/run/sshd:/bin/false
postfix:x:104:108::/var/spool/postfix:/bin/false
fetchmail:x:105:65534::/var/run/fetchmail:/bin/sh
bind:x:106:110::/var/cache/bind:/bin/false
mysql:x:107:111:MySQL Server,,,:/var/lib/mysql:/bin/false
ftp:x:108:65534::/home/ftp:/bin/false
admispconfig:x:1001:1001:Administrator ISPConfig:/home/admispconfig:/bin/bash
web2_burr_peter:x:10002:10002:Burr_Peter:/ISPconfig/www/web2:/bin/bash
web3_milios_stefan:x:10003:10003:Milios_Stefan:/ISPconfig/www/web3:/bin/bash
web5_koeder_steffen:x:10007:10005:Koeder_Steffen:/ISPconfig/www/web5:/bin/false
web5_anderer:x:10009:10005:anderer:/ISPconfig/www/web5/user/web5_anderer:/bin/false
testuser:x:10010:100:testuser:/home/chroot/./home/testuser:/bin/bash
web1_admin:x:10001:10001:Schaefer_Leander:/ISPconfig/www/web1:/bin/bash
web1_blub:x:10011:10001:blub:/ISPconfig/www/web1/user/web1_blub:/bin/bash
testuser@server1:/$

I'm not sure if there is the mistake ... but I hope you could give me a clue where to search ;-/

Why there should be an A inside?!

^^ I looked up the /etc/passwd and tried to get it like that ... but it didn't work out.

Thx a lot

Leander

 

That user should work. Did you test it?

 

Yes I did - and I couldn't login from remote because if I tried to login via remote it closed the shell after I typed in the username and the passwd - so I didn't see any prompot - it's closiung itself before ... so there is something wrong...

but anyway ... if I am already loged in as any working user like root and type in that to login as testuser:

Code:

su - testuser

it will work to LOGIN and see a prompt... but I'm still not chrootet ....

have a look:

Code:

login as: root
[email protected]'s password:
Last login: Tue Dec  5 22:04:24 2006 from p54a4f1b4.dip.t-dialin.net
root@server1:~# ssh -l testuser localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is e4:ce:09:8a:46:68:00:48:de:4e:33:be:b5:55:4b:4c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
testuser@localhost's password:
Last login: Wed Dec  6 19:05:18 2006 from p54a4f1b4.dip.t-dialin.net
/bin/bash: No such file or directory
Connection to localhost closed.
root@server1:~#
root@server1:~#
root@server1:~#
root@server1:~# su - testuser
testuser@server1:~$ cd /
testuser@server1:/$ mkdir /tmp/blub
mkdir: cannot create directory `/tmp/blub': Disk quota exceeded
testuser@server1:/$ ls -lach /
total 132K
drwxr-xr-x   21 root root 4.0K Nov 10 16:39 .
drwxr-xr-x   21 root root 4.0K Nov 10 16:39 ..
drwxr-xr-x    3 root root 4.0K Nov 10 16:41 ISPconfig
drwxr-xr-x    2 root root 4.0K Nov 29 22:29 bin
drwxr-xr-x    2 root root 4.0K Jun 20 01:00 boot
drwxr-xr-x   11 root root  12K Dec  6 06:25 dev
drwxr-xr-x   73 root root 4.0K Dec  5 21:01 etc
drwxr-xr-x    6 root root 4.0K Nov 30 22:57 home
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 initrd
drwxr-xr-x   16 root root 8.0K Nov 10 15:39 lib
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 media
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 mnt
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 opt
dr-xr-xr-x  103 root root    0 Nov 23 18:28 proc
-rw-------    1 root root 2.0M Dec  6 15:15 quota.group
-rw-------    1 root root 2.0M Dec  6 15:15 quota.user
drwxr-xr-x    6 root root 4.0K Nov 30 23:04 root
drwxr-xr-x    2 root root 4.0K Nov 10 16:27 sbin
drwxr-xr-x    2 root root 4.0K Jun 20 00:57 srv
drwxr-xr-x   12 root root    0 Nov 23 18:28 sys
drwxrwxrwt    4 root root 8.0K Dec  6 15:15 tmp
drwxr-xr-x   14 root root 4.0K Nov 30 22:57 usr
drwxr-xr-x   15 root root 4.0K Nov 30 22:57 var
testuser@server1:/$ ls -lach /tmp/
Display all 141 possibilities? (y or n)
testuser@server1:/$ ls -lach /ISPconfig/
total 36K
drwxr-xr-x   3 root root 4.0K Nov 10 16:41 .
drwxr-xr-x  21 root root 4.0K Nov 10 16:39 ..
-rw-------   1 root root 313K Dec  6 15:15 quota.group
-rw-------   1 root root 313K Dec  6 15:15 quota.user
drwxr-xr-x   7 root root 4.0K Nov 13 15:33 www
testuser@server1:/$

here is the output of the script again:

Code:

root@server1:/home/chroot# APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /usr/bin/wget /usr/bin/clear /usr/bin/links /usr/bin/elinks /usr/bin/screen /usr/bin/nano /usr/bin/vi /usr/bin/vim /bin/cat /bin/grep /usr/bin/less /bin/more /usr/bin/find /usr/bin/locale /usr/bin/scp /usr/bin/whatis /usr/bin/man"
root@server1:/home/chroot# for prog in $APPS;  do
>          ldd $prog > /dev/null
>          if [ "$?" = 0 ] ; then
>                  LIBS=`ldd $prog | awk '{ print $3 }' | grep -v "("`
>                  for l in $LIBS; do
>                          echo $l
>                  done
>          fi
>  done

/lib/libncurses.so.5
/lib/libdl.so.2
/lib/libc.so.6
/lib/librt.so.1
/lib/libacl.so.1
/lib/libc.so.6
/lib/libpthread.so.0
/lib/libattr.so.1
/lib/libc.so.6
/lib/libacl.so.1
/lib/libc.so.6
/lib/libattr.so.1
/lib/libc.so.6
/lib/libc.so.6
/lib/libc.so.6
/lib/libresolv.so.2
/usr/lib/i686/cmov/libcrypto.so.0.9.7
/lib/libutil.so.1
/usr/lib/libz.so.1
/lib/libnsl.so.1
/lib/libcrypt.so.1
/lib/libc.so.6
/lib/libdl.so.2
/lib/libresolv.so.2
/lib/libc.so.6
/lib/libc.so.6
/usr/lib/i686/cmov/libssl.so.0.9.7
/usr/lib/i686/cmov/libcrypto.so.0.9.7
/lib/libdl.so.2
/lib/librt.so.1
/lib/libc.so.6
/lib/libpthread.so.0
/lib/libncurses.so.5
/lib/libdl.so.2
/lib/libc.so.6
/usr/lib/libgnutls.so.11
/usr/lib/liblua50.so.5.0
/usr/lib/liblualib50.so.5.0
/lib/libm.so.6
/usr/lib/libperl.so.5.8
/lib/libdl.so.2
/lib/libpthread.so.0
/lib/libc.so.6
/lib/libcrypt.so.1
/usr/lib/libgpm.so.1
/usr/lib/libz.so.1
/usr/lib/libbz2.so.1.0
/usr/lib/libexpat.so.1
/usr/lib/libgnutls-openssl.so.11
/usr/lib/libtasn1.so.2
/usr/lib/libgcrypt.so.11
/usr/lib/libgpg-error.so.0
/lib/libnsl.so.1
/usr/lib/libgnutls.so.11
/usr/lib/liblua50.so.5.0
/usr/lib/liblualib50.so.5.0
/lib/libm.so.6
/usr/lib/libperl.so.5.8
/lib/libdl.so.2
/lib/libpthread.so.0
/lib/libc.so.6
/lib/libcrypt.so.1
/usr/lib/libgpm.so.1
/usr/lib/libz.so.1
/usr/lib/libbz2.so.1.0
/usr/lib/libexpat.so.1
/usr/lib/libgnutls-openssl.so.11
/usr/lib/libtasn1.so.2
/usr/lib/libgcrypt.so.11
/usr/lib/libgpg-error.so.0
/lib/libnsl.so.1
/lib/libncursesw.so.5
/lib/libutil.so.1
/lib/libcrypt.so.1
/lib/libpam.so.0
/lib/libc.so.6
/lib/libdl.so.2
/lib/libncursesw.so.5
/lib/libc.so.6
/lib/libdl.so.2
/lib/libncurses.so.5
/usr/lib/libgpm.so.1
/lib/libc.so.6
/lib/libdl.so.2
/lib/libncurses.so.5
/usr/lib/libgpm.so.1
/lib/libc.so.6
/lib/libdl.so.2
/lib/libc.so.6
/lib/libc.so.6
/lib/libncurses.so.5
/lib/libc.so.6
/lib/libdl.so.2
/lib/libncurses.so.5
/lib/libc.so.6
/lib/libdl.so.2
/lib/libc.so.6
/lib/libc.so.6
/lib/libresolv.so.2
/usr/lib/i686/cmov/libcrypto.so.0.9.7
/lib/libutil.so.1
/usr/lib/libz.so.1
/lib/libnsl.so.1
/lib/libcrypt.so.1
/lib/libc.so.6
/lib/libdl.so.2
/usr/lib/libgdbm.so.3
/lib/libc.so.6
/usr/lib/libgdbm.so.3
/lib/libc.so.6
root@server1:/home/chroot#

did you see this error during the ssh login??

Code:

/bin/bash: No such file or directory

I guess it's still an script mistake. I would be very thankful if you could have a look at it again ;-)

Thanks a lot !!!

Leander

P.S.

Is that script & this Howto maybe written for debian?

 

Any errors in /var/log/auth.log?

Does /home/chroot/bin/bash exist?

Yes. I quote from the tutorial:

 

Hi Falko,

/bin/bash seems to be here:#

Code:

root@server1:~# ls -lach /home/chroot/
bin/  dev/  etc/  home/ lib/  usr/
root@server1:~# ls -lach /home/chroot/bin/
total 1016K
drwxr-xr-x  2 root root 4.0K Nov 30 23:31 .
drwxr-xr-x  8 root root 4.0K Nov 30 22:57 ..
-rwxr-xr-x  1 root root 631K Dec  6 19:18 bash
-rwxr-xr-x  1 root root  16K Nov 30 23:33 cat
-rwxr-xr-x  1 root root  87K Nov 30 23:33 grep
-rwxr-xr-x  1 root root  71K Dec  6 19:18 ls
-rwxr-xr-x  1 root root  20K Dec  6 19:18 mkdir
-rwxr-xr-x  1 root root  26K Nov 30 23:33 more
-rwxr-xr-x  1 root root  54K Dec  6 19:18 mv
-rwsr-xr-x  1 root root  31K Dec  6 19:18 ping
-rwxr-xr-x  1 root root  13K Dec  6 19:18 pwd
-rwxr-xr-x  1 root root  29K Dec  6 19:18 rm
root@server1:~#

the whole file is full of following errors:

Code:

[...
Dec  7 16:53:16 server1 getty[21020]: /dev/tty2: No such file or directory
Dec  7 16:53:16 server1 getty[21021]: /dev/tty3: No such file or directory
Dec  7 16:53:17 server1 getty[21024]: /dev/tty5: No such file or directory
Dec  7 16:53:17 server1 getty[21023]: /dev/tty6: No such file or directory
Dec  7 16:53:17 server1 getty[21022]: /dev/tty4: No such file or directory
Dec  7 16:53:26 server1 getty[21028]: /dev/tty3: No such file or directory
Dec  7 16:53:26 server1 getty[21027]: /dev/tty2: No such file or directory
Dec  7 16:53:27 server1 getty[21031]: /dev/tty4: No such file or directory
Dec  7 16:53:27 server1 getty[21029]: /dev/tty5: No such file or directory
Dec  7 16:53:27 server1 getty[21030]: /dev/tty6: No such file or directory
Dec  7 16:53:39 server1 sshd[21032]: Accepted password for root from 84.164.234.117 port 57634 ssh2
Dec  7 16:53:40 server1 sshd[21036]: (pam_unix) session opened for user root by root(uid=0)
...]

some more stuff ...:

Code:

root@server1:~# ls -lach /dev/tty2
ls: /dev/tty2: No such file or directory
root@server1:~# ls -lach /dev/tty
crw-rw-rw-  1 root root 5, 0 Nov 23 18:28 /dev/tty

why are my tty's all gone??

is it possible because of following mistake of me: the last time I when I want to test your script again I forgot to change the directory from / to /home/chroot/ - but the script worked anyway and copied stuff ... bu I ignored it .. and went on ... so i changed the directory correctly to /home/chroot/ and let the script copy the stuff again - and it also worked ...

I got no errors about, but is it possible that it destroyed anything in the / directory?

Thx for helping!!!

Leander

;-)

 

What's the output of

Code:

ls /dev

and

Code:

uname -a

? I guess you're using a kernel that uses udev.

 

Hi Falko,

hmmm that might be possible - I'm using the Xen kernel from my xen host.

Code:

root@server1:~# ls /dev
MAKEDEV  ptya1  ptybc  ptyd7  ptyp2  ptyqd  ptys8  ptyu3  ptyve  ptyx9  ptyz4  ram9     ttyb2  ttycd  ttye8  ttyq3  ttyre  ttyt9  ttyv4  ttywf  ttyya
console  ptya2  ptybd  ptyd8  ptyp3  ptyqe  ptys9  ptyu4  ptyvf  ptyxa  ptyz5  random   ttyb3  ttyce  ttye9  ttyq4  ttyrf  ttyta  ttyv5  ttyx0  ttyyb
core     ptya3  ptybe  ptyd9  ptyp4  ptyqf  ptysa  ptyu5  ptyw0  ptyxb  ptyz6  shm      ttyb4  ttycf  ttyea  ttyq5  ttys0  ttytb  ttyv6  ttyx1  ttyyc
cpu      ptya4  ptybf  ptyda  ptyp5  ptyr0  ptysb  ptyu6  ptyw1  ptyxc  ptyz7  sndstat  ttyb5  ttyd0  ttyeb  ttyq6  ttys1  ttytc  ttyv7  ttyx2  ttyyd
evtchn   ptya5  ptyc0  ptydb  ptyp6  ptyr1  ptysc  ptyu7  ptyw2  ptyxd  ptyz8  stderr   ttyb6  ttyd1  ttyec  ttyq7  ttys2  ttytd  ttyv8  ttyx3  ttyye
fd       ptya6  ptyc1  ptydc  ptyp7  ptyr2  ptysd  ptyu8  ptyw3  ptyxe  ptyz9  stdin    ttyb7  ttyd2  ttyed  ttyq8  ttys3  ttyte  ttyv9  ttyx4  ttyyf
full     ptya7  ptyc2  ptydd  ptyp8  ptyr3  ptyse  ptyu9  ptyw4  ptyxf  ptyza  stdout   ttyb8  ttyd3  ttyee  ttyq9  ttys4  ttytf  ttyva  ttyx5  ttyz0
hda1     ptya8  ptyc3  ptyde  ptyp9  ptyr4  ptysf  ptyua  ptyw5  ptyy0  ptyzb  tty      ttyb9  ttyd4  ttyef  ttyqa  ttys5  ttyu0  ttyvb  ttyx6  ttyz1
hda2     ptya9  ptyc4  ptydf  ptypa  ptyr5  ptyt0  ptyub  ptyw6  ptyy1  ptyzc  tty1     ttyba  ttyd5  ttyp0  ttyqb  ttys6  ttyu1  ttyvc  ttyx7  ttyz2
hdb1     ptyaa  ptyc5  ptye0  ptypb  ptyr6  ptyt1  ptyuc  ptyw7  ptyy2  ptyzd  ttya0    ttybb  ttyd6  ttyp1  ttyqc  ttys7  ttyu2  ttyvd  ttyx8  ttyz3
initctl  ptyab  ptyc6  ptye1  ptypc  ptyr7  ptyt2  ptyud  ptyw8  ptyy3  ptyze  ttya1    ttybc  ttyd7  ttyp2  ttyqd  ttys8  ttyu3  ttyve  ttyx9  ttyz4
input    ptyac  ptyc7  ptye2  ptypd  ptyr8  ptyt3  ptyue  ptyw9  ptyy4  ptyzf  ttya2    ttybd  ttyd8  ttyp3  ttyqe  ttys9  ttyu4  ttyvf  ttyxa  ttyz5
kmem     ptyad  ptyc8  ptye3  ptype  ptyr9  ptyt4  ptyuf  ptywa  ptyy5  ram0   ttya3    ttybe  ttyd9  ttyp4  ttyqf  ttysa  ttyu5  ttyw0  ttyxb  ttyz6
kmsg     ptyae  ptyc9  ptye4  ptypf  ptyra  ptyt5  ptyv0  ptywb  ptyy6  ram1   ttya4    ttybf  ttyda  ttyp5  ttyr0  ttysb  ttyu6  ttyw1  ttyxc  ttyz7
log      ptyaf  ptyca  ptye5  ptyq0  ptyrb  ptyt6  ptyv1  ptywc  ptyy7  ram10  ttya5    ttyc0  ttydb  ttyp6  ttyr1  ttysc  ttyu7  ttyw2  ttyxd  ttyz8
loop     ptyb0  ptycb  ptye6  ptyq1  ptyrc  ptyt7  ptyv2  ptywd  ptyy8  ram11  ttya6    ttyc1  ttydc  ttyp7  ttyr2  ttysd  ttyu8  ttyw3  ttyxe  ttyz9
lvm      ptyb1  ptycc  ptye7  ptyq2  ptyrd  ptyt8  ptyv3  ptywe  ptyy9  ram12  ttya7    ttyc2  ttydd  ttyp8  ttyr3  ttyse  ttyu9  ttyw4  ttyxf  ttyza
mapper   ptyb2  ptycd  ptye8  ptyq3  ptyre  ptyt9  ptyv4  ptywf  ptyya  ram13  ttya8    ttyc3  ttyde  ttyp9  ttyr4  ttysf  ttyua  ttyw5  ttyy0  ttyzb
mem      ptyb3  ptyce  ptye9  ptyq4  ptyrf  ptyta  ptyv5  ptyx0  ptyyb  ram14  ttya9    ttyc4  ttydf  ttypa  ttyr5  ttyt0  ttyub  ttyw6  ttyy1  ttyzc
net      ptyb4  ptycf  ptyea  ptyq5  ptys0  ptytb  ptyv6  ptyx1  ptyyc  ram15  ttyaa    ttyc5  ttye0  ttypb  ttyr6  ttyt1  ttyuc  ttyw7  ttyy2  ttyzd
null     ptyb5  ptyd0  ptyeb  ptyq6  ptys1  ptytc  ptyv7  ptyx2  ptyyd  ram2   ttyab    ttyc6  ttye1  ttypc  ttyr7  ttyt2  ttyud  ttyw8  ttyy3  ttyze
port     ptyb6  ptyd1  ptyec  ptyq7  ptys2  ptytd  ptyv8  ptyx3  ptyye  ram3   ttyac    ttyc7  ttye2  ttypd  ttyr8  ttyt3  ttyue  ttyw9  ttyy4  ttyzf
ppp      ptyb7  ptyd2  ptyed  ptyq8  ptys3  ptyte  ptyv9  ptyx4  ptyyf  ram4   ttyad    ttyc8  ttye3  ttype  ttyr9  ttyt4  ttyuf  ttywa  ttyy5  urandom
psaux    ptyb8  ptyd3  ptyee  ptyq9  ptys4  ptytf  ptyva  ptyx5  ptyz0  ram5   ttyae    ttyc9  ttye4  ttypf  ttyra  ttyt5  ttyv0  ttywb  ttyy6  xconsole
ptmx     ptyb9  ptyd4  ptyef  ptyqa  ptys5  ptyu0  ptyvb  ptyx6  ptyz1  ram6   ttyaf    ttyca  ttye5  ttyq0  ttyrb  ttyt6  ttyv1  ttywc  ttyy7  zero
pts      ptyba  ptyd5  ptyp0  ptyqb  ptys6  ptyu1  ptyvc  ptyx7  ptyz2  ram7   ttyb0    ttycb  ttye6  ttyq1  ttyrc  ttyt7  ttyv2  ttywd  ttyy8
ptya0    ptybb  ptyd6  ptyp1  ptyqc  ptys7  ptyu2  ptyvd  ptyx8  ptyz3  ram8   ttyb1    ttycc  ttye7  ttyq2  ttyrd  ttyt8  ttyv3  ttywe  ttyy9
root@server1:~#

and:

Code:

root@server1:~# uname -a
Linux server1.pc1mail.de 2.6.16-xen #2 SMP Sat Jun 10 20:17:18 CEST 2006 i686 GNU/Linux
root@server1:~# uname -r
2.6.16-xen
root@server1:~#

Thx a lot!

Leander

 

Ok, /dev isn't empty, but /dev/tty2 isn't existing. You can create it like this:

Code:

mknod /dev/tty2 c 4 2

For /dev/tty3 it's

Code:

mknod /dev/tty3 c 4 3

and so on.

 

Hi Falko,

ok I did that and after I did your howto again - but without success .... it's still the same error ... I can't login with testuser because of the missing bash and I still can change things with ISPconfig users in the /

 

I think you must create /dev/tty2, ... also in /home/chroot:

Code:

mknod /home/chroot/dev/tty2 c 4 2
mknod /home/chroot/dev/tty3 c 4 3
...

 

Hi Falko,

I also thougt of that and didi it like that, but it's still the same.

Code:

root@server1:~# ls -lach /home/chroot/dev/
total 8.0K
drwxr-xr-x  2 root root 4.0K Dec 11 17:02 .
drwxr-xr-x  8 root root 4.0K Nov 30 22:57 ..
crw-r--r--  1 root root 1, 3 Nov 30 22:57 null
crw-r--r--  1 root root 4, 2 Dec 11 17:02 tty2
crw-r--r--  1 root root 4, 3 Dec 11 17:02 tty3
crw-r--r--  1 root root 1, 5 Nov 30 22:57 zero
root@server1:~#

but anyway isn't there missed some stuff in /home/chroot/dev/ .... it's such less stuff inside this folder ....?!

Thx a lot

Leander

 

I'm running out of ideas now...