jailkit-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] is it possible to "sudo su - user" to a jailkit use

From: Richard Scott
Subject: Re: [Jailkit-users] is it possible to "sudo su - user" to a jailkit user?
Date: Mon, 03 Jun 2013 10:32:50 +0100
User-agent: Roundcube Webmail/0.9.1

Hi,


What is in your /var/log/messages?

I have this on a successful run of "su - richard":

Jun  3 10:31:19 fps1 jk_chrootsh[3411]: now entering jail /home/scott for user richard (1500) with arguments

Does yours show any errors?

Thanks,

Rich

 

On 03/06/2013 04:08, Marcus wrote:

Hi Oliver,
 
I am having a lot of trouble getting "su - testuser" to work if it includes a hyphen / dash ( I am trying to have the profile run)
 
I know you mentioned "the jk_chrootsh code is very strict and abort on anything that could be the start of hacking"
 
I looked at /var/log/auth.log and I am getting:
 
jk_chrootsh[25433]: abort, jk_chrootsh is called as -su
 
I am looking at the source file - jk_chrootsh.c for version 2.16 and I see this section which looks like where the error is coming from around line 206:
 
        if (strcmp(tmp, PROGRAMNAME) != 0 && strcmp(tmp, "su")!= 0 && (tmp[0] != '-' || strcmp(&tmp[1], PROGRAMNAME))) {
                DEBUG_MSG("wrong name, tmp=%s, &tmp[1]=%s\n", tmp, &tmp[1]);
                syslog(LOG_ERR, "abort, "PROGRAMNAME" is called as %s", argv[0]);
                exit(1);
        }   
 
 
It looks like it should allow "su" with "-" but it is not. According to Rich's notes (if I am reading it correctly) he is able to do it with the dash. Is this a bug in the code somehow? I'm trying to test more and fix it. I am also trying to sign up for the dev list because maybe that is a better place for this question.
 
Thanks,
Marcus
 
 

On May 30, 2013, at 5:14 PM, Olivier Sessink <address@hidden> wrote:

that is probably because the jk_chrootsh code is very strict and abort
on anything that could be the start of hacking. su does a funny thing
when calling the shell. su <> -c <> is explicitly enabled in the code
(earlier versions aborted on su -c too).

Olivier

On 05/30/2013 02:56 AM, Marcus Eting wrote:
Thanks Olivier and Rich. I changed the shell for the user to bash in /home/jail/etc/etc so I can SSH into the box as the user and the jail seems to be working fine - I have a pretty good understanding of what's going on with things so I think it is set up right.

However, I can't "su testuser" but  I was able to run "su testuser -c bash" to get the behavior I want  - that bit of progress was pretty exciting. Do you know why it won't work without the "-c bash" ?
_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users


--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/


_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users


_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users

 

reply via email to
[Prev in Thread] Current Thread [Next in Thread]