Re: [Jailkit-users] Jailkit confusion

jailkit-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Jailkit confusion

From:	Paul Mitchell
Subject:	Re: [Jailkit-users] Jailkit confusion
Date:	Fri, 23 Oct 2009 16:13:02 -0400 (EDT)
User-agent:	Alpine 2.00 (LRH 1167 2008-08-23)

Oops, I just found an old note from Olivier:

On Thu, 3 Sep 2009, Olivier Sessink wrote:
As it turns out, my users are using an and SSH/sftp client which jailkit
doesn't allow in. (I can run sftp form a unix command line, however,

and

it works - but my users will be, for the most part, running windows).


I know 'WinSCP' has an option (the default) sftp with fallback that
doesn't work because it tries to get an interactive shell first before
starting the sftp session. If you use 'sftp without fallback' it works.

For other clients I assume they have similar options.

Which seems to be part of the problem I'm experiencing....

Paul


On Fri, 23 Oct 2009, Paul Mitchell wrote:

Hello,
I'm trying to move a user into jailkit, restricted to sftp connections.

I've actually moved myself in as a test case, and from another server
I can sftp sucessfully (note I'm running command line sftp on a Solarisclient to reach my server with jailkit, which is redhat linux):
-bash-3.00$ sftp elndz01m
Connecting to elndz01m...
The authenticity of host 'elndz01m
RSA key fingerprint is
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts(/export/home/pmitchel/.ssh/known_hosts).
address@hidden's password:
sftp> ls
.
..
.bash_history
pmitchel
sftp>

My entry in the /etc/passwd file is:
pmitchel:x:11xxx:11xxx:PaulMitchell:/home/jail/./home/pmitchel:/usr/sbin/jk_chrootsh
(note: I x'd out a few numbers for paranoidal sake!^)

Here's the user I'm trying to ge in:

grep faxian /etc/passwd
faxian:x:16xxxx:16xxxx:FaxianYang:/home/jail/./home/faxian:/usr/sbin/jk_chrootsh
my /etc/jailkit/jk_lsh.ini looks like:
cat /etc/jailkit/jk_lsh.ini
## example for a user
[DEFAULT]
paths= /usr/lib/
executables= /usr/lib/sftp-server
allow_word_expansion = 0
umask = 002
#
## example for a user
[faxian]
paths= /usr/lib/
executables= /usr/lib/sftp-server
allow_word_expansion = 0
umask = 002

## example for a user
[pmitchel]
paths= /usr/lib/
executables= /usr/lib/sftp-server
allow_word_expansion = 0
umask = 002
#
##example for a group, there should be only 1 space inbetween the words!
#[group users]
#paths = /usr/bin
#executables = /usr/bin/cvs
#allow_word_expansion = 0
#environment= HELIX_PATH=/opt/RealPlayer/, TMP=/tmp/

[group admission]
paths= /usr/bin, /usr/lib/
executables= /usr/bin/scp, /usr/lib/sftp-server,/usr/lib/openssh/sftp-server, /usr/libexec/sftp-server
address@hidden jailkit]#

Curiously, I get the following errors:
Oct 21 14:34:14 elndz01m rpc.idmapd[8656]: nss_getpwnam: name'address@hidden' does not map into domain 'localdomain'Oct 21 15:25:50 elndz01m jk_chrootsh[30657]: now entering jail /home/jail foruser faxian (164890)Oct 21 15:48:09 elndz01m jk_chrootsh[30715]: now entering jail /home/jail foruser faxian (164890)Oct 21 15:48:18 elndz01m jk_chrootsh[30723]: now entering jail /home/jail foruser faxian (164890)Oct 22 11:23:59 elndz01m jk_chrootsh[2090]: now entering jail /home/jail foruser faxian (164890)Oct 22 11:25:09 elndz01m jk_chrootsh[2100]: now entering jail /home/jail foruser faxian (164890)Oct 23 12:02:27 elndz01m jk_chrootsh[6948]: now entering jail /home/jail foruser faxian (164890)Oct 23 12:03:00 elndz01m jk_chrootsh[6958]: now entering jail /home/jail foruser faxian (164890)Oct 23 12:03:37 elndz01m jk_chrootsh[6969]: now entering jail /home/jail foruser faxian (164890)Oct 23 12:07:30 elndz01m jk_chrootsh[7049]: now entering jail /home/jail foruser faxian (164890)Oct 23 16:07:30 elndz01m jk_lsh[7049]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.iniOct 23 13:42:03 elndz01m jk_chrootsh[7472]: now entering jail /home/jail foruser faxian (164890)Oct 23 17:42:03 elndz01m jk_lsh[7472]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.iniOct 23 13:42:39 elndz01m jk_chrootsh[7480]: now entering jail /home/jail foruser faxian (164890)Oct 23 17:42:39 elndz01m jk_lsh[7480]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.iniOct 23 13:43:54 elndz01m jk_chrootsh[7490]: now entering jail /home/jail foruser faxian (164890)Oct 23 17:43:54 elndz01m jk_lsh[7490]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.iniOct 23 13:45:21 elndz01m jk_chrootsh[7502]: now entering jail /home/jail foruser faxian (164890)Oct 23 17:45:21 elndz01m jk_lsh[7502]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.iniOct 23 14:20:29 elndz01m jk_chrootsh[7617]: now entering jail /home/jail foruser faxian (164890)Oct 23 18:20:29 elndz01m jk_lsh[7617]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.iniOct 23 14:21:14 elndz01m jk_chrootsh[7628]: now entering jail /home/jail foruser faxian (164890)Oct 23 18:21:14 elndz01m jk_lsh[7628]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.iniOct 23 15:08:08 elndz01m jk_chrootsh[7833]: now entering jail /home/jail foruser faxian (164890)Oct 23 19:08:08 elndz01m jk_lsh[7833]: did neither find a section 'faxian',nor 'group faxian' nor 'DEFAULT' in configfile /etc/jailkit/jk_lsh.ini
I'm confused, I have both a DEFAULT and faxian entry in the file.

Any ideas?

Thanks,

Paul Mitchell

==============================================================================
       Paul Mitchell
        Enterprise Systems
       email: address@hidden
        NOTE: new location: 440 Franklin, cubby 1213
        NOTE: new desk phone: 919 962-2521 (Is here!^)
==============================================================================



_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users


==============================================================================
        Paul Mitchell
        Enterprise Systems
        email: address@hidden
        NOTE: new location: 440 Franklin, cubby 1213
        NOTE: new desk phone: 919 962-2521 (Is here!^)
==============================================================================

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-users] ERROR: failed to execute shel, Martin Fuxa, 2009/10/22
- Re: [Jailkit-users] ERROR: failed to execute shel, Olivier Sessink, 2009/10/23
  - [Jailkit-users] Jailkit confusion, Paul Mitchell, 2009/10/23
    - Re: [Jailkit-users] Jailkit confusion, Paul Mitchell <=
- [Jailkit-users] Re: ERROR: failed to execute shel - SOLVED, Martin Fuxa, 2009/10/26

Prev by Date: [Jailkit-users] Jailkit confusion
Next by Date: [Jailkit-users] Re: ERROR: failed to execute shel - SOLVED
Previous by thread: [Jailkit-users] Jailkit confusion
Next by thread: [Jailkit-users] Re: ERROR: failed to execute shel - SOLVED
Index(es):
- Date
- Thread