jailkit-users

Re: [Jailkit-users] jk_lsh[7742]: cannot find user info for USER guest:


From: John Pilkington
Subject: Re: [Jailkit-users] jk_lsh[7742]: cannot find user info for USER guest: Success (2)
Date: Wed, 9 Jan 2019 19:12:56 +0000

Hello again Olivier,

So I must be barking up the wrong tree because, further to my previous email, I find that scp works properly. For example, from remote console:
>scp address@hidden:Public/PM_prefs_public.R C:\Users\John
>address@hidden's password:
PM_prefs_public.R 100% 11KB 11.2 Kb/s 00:00

The last tracefile exits with 0. The sftp last tracefile exits with 4. So can I deduce that the problem with sftp lies in the last few lines of the last tracefile? Clearly my suggestion about the paths is incorrect since the same lines appear in the scp tracefile:

lstat64("/srv/sftpjail/bin/", 0x7eb176d8) = -1 ENOENT (No such file or directory)
lstat64("/srv/sftpjail/sbin/", 0x7eb176d8) = -1 ENOENT (No such file or directory)

So please ignore my previous email!

Thanks,

John



On Mon, Jan 7, 2019 at 7:47 PM Olivier Sessink <address@hidden> wrote:
On 05-01-19 13:27, John Pilkington wrote:
> Hello Olivier, and Happy New Year! I imagine this email will do
> nothing to make it happier, but here goes ...
>
> You will remember that I had a problem with making an sftp/scp only
> shell for a jailed user. On starting an sftp session, the connection
> closes immediately upon entering the password, and it looks like
> getpwnam() succeeds, but not actually in the way it should.
>
> Thank you very much for kindly offering to look at the trace logs
> produced by strace. Thank you also for telling me about strace: I can
> see that it is a hugely powerful tool and I was also delighted to find
> that it is included in the Raspbian Stretch OS on my Raspberry Pis.
> But, yes, I think it needs more expertise than I have to interpret the
> output.
>
> So I followed your excellent instructions about debugging without a
> shell in the jail, and obtained seven tracefiles. I take the liberty
> of including them all below, but I suspect that the last one, 2544, is
> the important one. Originally, this had about 1000 lines of "BAD FILE
> DESCRIPTOR" from line 234. I've removed all except the first and last
> few, but obviously there is something wrong here, though I cannot work
> out what it might be.
>
> To remind you, I have user "guest" with password "guest" jailed
> in /srv/sftpjail/home/guest.
>
> I have picked out what seem to me cardinal events in tracefile.2544;
> I'll set them out here so that you can see I have done at least some
> work for myself!
>
> Line 29:    chdir("srv/sftpjail/./home/guest") looks OK
> Line 36:    /etc/ssh/sshrc  No such file or directory. This may be the
> first sign of trouble? Certainly there is no such file or directory,
> either in /srv/sftpjail/etc or in /etc/ssh. Should there be? And
> should it be at the "real" root or the jailed root?
> Line 195: open /etc/passwd, return value 3: looks OK?
> Line 210: open /etc/group, return value 3: looks OK?
> Line 220: open /etc/jailkit/jk.chrootsh.ini, return value 3: looks OK?
> Line 234 onwards: "BAD FILE DESCRIPTOR" Oh dear
>
> Line 267 (re-numbered) chroot("/srv/ftpjail"), looks like we haven't
> failed terminally yet? 
> Line 292 chdir("/home/guest")
>
> Line 503 exited with 2. I assume that from here we recurse back
> through the other processes, at some point undoing the chroot at line
> 267. I haven't found that.
>
> Olivier, I feel really bad asking you to look at this stuff. Please
> let me know if you see anything obvious here, but I cannot ask you to
> spend a lot of time on it and will be very happy if you can just point
> me in the right direction. Am I anywhere near right in my interpretation?


Can you check if libnss_compat.so.2 from your real system is copied into
the jail? This library is related to user logins. In the logs it seeks
this library in several locations, such as 
/usr/lib/arm-linux-gnueabihf/libnss_compat.so.2 and
/lib/tls/vfp/libnss_compat.so.2 /lib/libnss_compat.so.2

In jk_init.ini we only have /lib/x86_64-linux-gnu/libnss*.so.2 and
several others (such as i386) but you are running on a Raspberry Pi, so
there is no x86_64-linux-gnu directory. This could be the source of the
problem. (You might want to check jk_init.ini for more directories that
refer to x86_64.)

Olivier



--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/



_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users
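
The check Olivier suggests above, as an added example that is not part of the original thread and is not Jailkit's own code: it lists NSS libraries present on the host but absent from the jail, and multiarch directories named in jk_init.ini that do not exist on the host. The function names and the sample tree are constructed for illustration; on a real system the arguments would be `/`, the jail root, and the path to jk_init.ini.

```shell
#!/bin/sh
# Added example (not Jailkit code): look for NSS libraries the jail lacks and
# for jk_init.ini multiarch directories that do not exist on this host.

# Print every libnss_*.so.2 under ROOT/lib and ROOT/usr/lib, relative to ROOT.
list_nss_libs() {
    root=${1%/}
    for dir in "$root/lib" "$root/usr/lib"; do
        [ -d "$dir" ] || continue
        find -H "$dir" -name 'libnss_*.so.2'
    done | sed "s|^$root||" | sort -u
}

# Print host NSS libraries whose file name appears nowhere in the jail.
missing_in_jail() {
    host=$1; jail=$2
    jail_names=$(list_nss_libs "$jail" | sed 's|.*/||')
    list_nss_libs "$host" | while read -r lib; do
        printf '%s\n' "$jail_names" | grep -qxF "${lib##*/}" || printf '%s\n' "$lib"
    done
}

# Print multiarch directories named in the ini file that HOSTROOT does not have.
foreign_arch_paths() {
    ini=$1; host=${2%/}
    grep -oE '/(usr/)?lib/[A-Za-z0-9_]+-linux-gnu[A-Za-z0-9]*' "$ini" | sort -u |
    while read -r d; do
        [ -d "$host$d" ] || printf '%s\n' "$d"
    done
}

# Constructed sample: an ARM host tree, a jail missing libnss_compat, and an
# ini fragment that lists only x86 multiarch directories.
make_sample() {
    mkdir -p "$1/host/lib/arm-linux-gnueabihf" "$1/jail/lib"
    : > "$1/host/lib/arm-linux-gnueabihf/libnss_compat.so.2"
    : > "$1/host/lib/arm-linux-gnueabihf/libnss_files.so.2"
    : > "$1/jail/lib/libnss_files.so.2"
    printf '%s\n' '[uidbasics]' \
      'paths = /lib/libnss*.so.2, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnss*.so.2' \
      > "$1/jk_init.ini"
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "missing from jail:";        missing_in_jail "$tmp/host" "$tmp/jail"
echo "not present on this host:"; foreign_arch_paths "$tmp/jk_init.ini" "$tmp/host"
rm -rf "$tmp"
```

A library reported as missing only means no file of that name exists under the jail's lib directories; whether it is actually needed depends on the jail's nsswitch.conf.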
