[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Some problems with home directories and users with s

From: Daniel Rossi
Subject: Re: [Jailkit-users] Some problems with home directories and users with same user id
Date: Sun, 8 Jun 2008 07:49:09 +1000

On 08/06/2008, at 7:39 AM, Olivier Sessink wrote:

Daniel Rossi wrote:
Hi there, I am currently implementing jailkit support into the ISPConfig software. I've run into issues trying to get a chrooted user to login to their own home directory. With the new version of the server, a 'parent' web user ie web1 is created with a group called client0 etc. When adding shell users to this account / site , the shell user gets the same user id and group id as the parent web user for permissions etc. The parent web user does not get a shell login, it gets sent to /bin/false.

I think you're walkin on thin ice. Although it works in several situations, AFAIK the results of having multiple users with the same user ID are undefined. I'm not completely sure though, perhaps this is compliant with the posix standards.

The issue I am having is logback sees the logged in user as the parent user web1 so is trying to login to it's home directory not the logged in users directory.

what happens is that the jk_chroot runs with user ID 0, and once inside the jail has to become the normal user again. So once inside the jail jk_chrootsh looks up the username of the original user ID, and becomes that user. If you have multiple usernames associated with that user ID the results are pretty much undefined.


ive worked around it by setting USER and HOME to $LOGINUSER or whatever it is in bashrc. Then call cd to move into the right directory. So ownership of the files should still be ok without the same user id ? I believe if the files are owned different to that uid suexec for instance in apache will complain hence why its that that way. I see in the jk_chroot source that the environment variables are set there, but instead of the user logging in its the user of the user id. Are you saying my work around is not doable ?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]