|
From: | Richard Scott |
Subject: | Re: [Jailkit-users] is it possible to "sudo su - user" to a jailkit user? |
Date: | Mon, 03 Jun 2013 10:32:50 +0100 |
User-agent: | Roundcube Webmail/0.9.1 |
Hi,
What is in your /var/log/messages?
I have this on a successful run of "su - richard":
Jun 3 10:31:19 fps1 jk_chrootsh[3411]: now entering jail /home/scott for user richard (1500) with arguments
Does yours show any errors?
Thanks,
Rich
On 03/06/2013 04:08, Marcus wrote:
Hi Oliver,I am having a lot of trouble getting "su - testuser" to work if it includes a hyphen / dash ( I am trying to have the profile run)I know you mentioned "the jk_chrootsh code is very strict and abort on anything that could be the start of hacking"I looked at /var/log/auth.log and I am getting:jk_chrootsh[25433]: abort, jk_chrootsh is called as -suI am looking at the source file - jk_chrootsh.c for version 2.16 and I see this section which looks like where the error is coming from around line 206:if (strcmp(tmp, PROGRAMNAME) != 0 && strcmp(tmp, "su")!= 0 && (tmp[0] != '-' || strcmp(&tmp[1], PROGRAMNAME))) {DEBUG_MSG("wrong name, tmp=%s, &tmp[1]=%s\n", tmp, &tmp[1]);syslog(LOG_ERR, "abort, "PROGRAMNAME" is called as %s", argv[0]);exit(1);}It looks like it should allow "su" with "-" but it is not. According to Rich's notes (if I am reading it correctly) he is able to do it with the dash. Is this a bug in the code somehow? I'm trying to test more and fix it. I am also trying to sign up for the dev list because maybe that is a better place for this question.Thanks,Marcus
On May 30, 2013, at 5:14 PM, Olivier Sessink <address@hidden> wrote:
that is probably because the jk_chrootsh code is very strict and abort
on anything that could be the start of hacking. su does a funny thing
when calling the shell. su <> -c <> is explicitly enabled in the code
(earlier versions aborted on su -c too).
Olivier
On 05/30/2013 02:56 AM, Marcus Eting wrote:
Thanks Olivier and Rich. I changed the shell for the user to bash in /home/jail/etc/etc so I can SSH into the box as the user and the jail seems to be working fine - I have a pretty good understanding of what's going on with things so I think it is set up right.
However, I can't "su testuser" but I was able to run "su testuser -c bash" to get the behavior I want - that bit of progress was pretty exciting. Do you know why it won't work without the "-c bash" ?
_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users
--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/
_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users
_______________________________________________ Jailkit-users mailing list address@hidden https://lists.nongnu.org/mailman/listinfo/jailkit-users
[Prev in Thread] | Current Thread | [Next in Thread] |