Re: [Jailkit-dev] more jk_jailuser bugs

From: Olivier Sessink
Subject: Re: [Jailkit-dev] more jk_jailuser bugs
Date: Sun, 13 Nov 2005 00:15:53 +0100
User-agent: Debian Thunderbird 1.0.2 (X11/20051002)

Stephen Tallowitz wrote:
> Hello Oli,
>>I think that all jailkit programs should work, regardless if the
>>directories are used with a trailing slash or not. But can you re-try if
>>the directory possibly contained files already (possible hidden files?)
> The recent CVS version works fine. However, the trailing slash problem 
> remains. See output below. I must admit though, that the trailing slash in 
> /etc/passwd was generated by me, not by any tools. After testing jk_jailuser 
> I reset the user entry using "usermod -d /home/jailtest/ jailtest". The 
> trailing slash, of course, was produced by bash autocompletion. So this 
> trailing slash problem should remain a very rare case. 
> /srv/jaily/home/jailtest directory is also an empty directory, so this wasn't 
> the cause of the problem in the first place.
> No trailing slash in /etc/passwd:
> -----
> mulinux / # jk_jailuser -j /srv/jaily/ -v -s /bin/bash -m jailtest
> adding user jailtest to /srv/jaily/etc/passwd with shell /bin/bash
> adding group users to /srv/jaily/etc/group
> modify user jailtest; dir /srv/jaily/./home/jailtest and shell 
> /usr/sbin/jk_chrootsh
> moving files from /home/jailtest to /srv/jaily/./home/jailtest
> -----
> Trailing slash in /etc/passwd:
> -----
> mulinux / # jk_jailuser -j /srv/jaily/ -v -s /bin/bash -m jailtest
> adding user jailtest to /srv/jaily/etc/passwd with shell /bin/bash
> adding group users to /srv/jaily/etc/group
> modify user jailtest; dir /srv/jaily/./home/jailtest/ and shell 
> /usr/sbin/jk_chrootsh
> creating directory /srv/jaily/./home/jailtest
> moving files from /home/jailtest/ to /srv/jaily/./home/jailtest/
> FAILED TO MOVE /home/jailtest/ TO /srv/jaily/./home/jailtest/. Possibly the 
> target is full, or read-only, or the target directory already exists

hmm I have to test with python 2.4 too... perhaps the shutil.move()
function has changed. It seems it is a python2.4 issue then, so
jk_jailuser should strip the trailing slash of the current home directory.

> One, which seems to be a python error:
> When the directory is moved from one filesystem to the other, all contents
> are *created* at the new location before they get deleted at the old location.
> But the new files and directories are created with the user under which the
> move is being made. So as jk_jailuser is being executed by root,
> I now have /srv/jail/home/jailtest and all its contents owned by
> Oli, as you're moving the home directory within the same filesystem, I
> don't suppose you're seeing this problem?

I have to test that, but that is a serious issue indeed...

> Two, secondary groups. When I have user "jailtest" in primary group "users", 
> but in secondary groups jailtest1 and jailtest2, those secondary groups are 
> not created in the jail and assigned to the user. Intentional behaviour? I 
> actually discovered this in jk_addjailuser, but in its manpage you mention 
> jk_addjailuser will be replaced by jk_jailuser.

I suppose jk_jailuser should indeed make sure all groups are sync'ed for
any jailed user. I'll have to fix that.

thanks again,
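
Added example, not part of the original message and not Jailkit's own code: a sketch of a home-directory move that treats paths with and without a trailing slash the same and restores file ownership after a move that may have been a copy across filesystems. The helper names `snapshot_owners` and `move_home` and the injectable `chown` parameter are assumptions made for illustration.

```python
import os
import shutil
import tempfile


def snapshot_owners(root):
    """Return {path relative to root: (uid, gid)} for root and everything below it."""
    owners = {}
    for dirpath, dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, n) for n in dirs + files]:
            st = os.lstat(path)  # lstat: record the symlink itself, not its target
            owners[os.path.relpath(path, root)] = (st.st_uid, st.st_gid)
    return owners


def move_home(src, dst, chown=os.lchown):
    """Move a home directory, ignoring trailing slashes and keeping ownership."""
    # "/home/jailtest/" and "/home/jailtest" must be treated as the same path.
    src, dst = os.path.normpath(src), os.path.normpath(dst)
    if os.path.isdir(dst):
        if os.listdir(dst):
            raise FileExistsError(dst + " exists and is not empty")
        # shutil.move() into an existing directory would nest src inside it.
        os.rmdir(dst)
    owners = snapshot_owners(src)
    shutil.move(src, dst)
    # Across filesystems the move is copy + delete, so the copies belong to the
    # caller (root for jk_jailuser); put the recorded owners back.
    for rel, (uid, gid) in owners.items():
        chown(os.path.normpath(os.path.join(dst, rel)), uid, gid)
    return dst


if __name__ == "__main__":
    # Constructed sample layout in a temporary directory (not real system paths).
    top = tempfile.mkdtemp()
    home = os.path.join(top, "home", "jailtest")
    jail_home = os.path.join(top, "jail", "home", "jailtest")
    os.makedirs(home)
    os.makedirs(jail_home)  # empty pre-created target, as in the failing run
    open(os.path.join(home, ".profile"), "w").close()
    print(move_home(home + "/", jail_home + "/"))
    shutil.rmtree(top)
```

When source and target are on the same filesystem the move is a rename and the ownership pass changes nothing.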


