[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-dev] [bug #40711] Enhancement - jk_jai luser must match use

From: Richard Scott
Subject: Re: [Jailkit-dev] [bug #40711] Enhancement - jk_jai luser must match user against UID/GID
Date: Wed, 27 Nov 2013 09:30:45 +0000
User-agent: Roundcube Webmail/0.9.5


It would be handy if the script updated the group and passwd files inside the jail after the local systems account has been created.

Does it work with more than one user per jail. What if the users are in different groups? what if the user is in more than one group?



On 26/11/2013 16:47, Declercq Laurent wrote:


                 Summary: Enhancement - jk_jailuser must match user against
                 Project: Jailkit
            Submitted by: nuxwin
            Submitted on: mar. 26 nov. 2013 16:47:30 GMT
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any



Hello ;

Often, a jailed SSH user is set with UID and GID of an existent user on the
system. For instance, it's the case of some ISP control panel (i-MSCP,
ispConfig...), which allow to setup a restricted SHELL for the customers:

1. An unix user without any privilege is created, which is used to run PHP/CGI
scripts, give an ftp access...
2. An another SSH user with identical UID/GID is created, which is jailed
using JailKit

Well, the problem with this pattern is that if the UID/GID of the "parent
user" are changed, the properties of the jailed SSH user must be changed too.
While this change is done easily using the usermod command, updating the
passwd file inside the jail is not so simple and furthermore should stay a
concern of the jk_jailuser script anyway.

Indeed, for now, when we run the jk_jailuser tool script several time, a check
is made on the presence of the user in the /etc/passwd file (inside the jail)
and on the homedir existence.

It could be great to also check the UID/GID and update them if they doesn't
match with those from the system passwd file.

BTW: I can provide a patch for such enhancement if you are ok.

Thanks you


Reply to this item at:


  Message posté via/par Savannah

Jailkit-dev mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]