[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user aga
From: |
Declercq Laurent |
Subject: |
[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user against UID/GID |
Date: |
Tue, 26 Nov 2013 16:47:31 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36 |
URL:
<http://savannah.nongnu.org/bugs/?40711>
Summary: Enhancement - jk_jailuser must match user against
UID/GID
Project: Jailkit
Submitted by: nuxwin
Submitted on: mar. 26 nov. 2013 16:47:30 GMT
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
Hello ;
Often, a jailed SSH user is set with UID and GID of an existent user on the
system. For instance, it's the case of some ISP control panel (i-MSCP,
ispConfig...), which allow to setup a restricted SHELL for the customers:
1. An unix user without any privilege is created, which is used to run PHP/CGI
scripts, give an ftp access...
2. An another SSH user with identical UID/GID is created, which is jailed
using JailKit
Well, the problem with this pattern is that if the UID/GID of the "parent
user" are changed, the properties of the jailed SSH user must be changed too.
While this change is done easily using the usermod command, updating the
passwd file inside the jail is not so simple and furthermore should stay a
concern of the jk_jailuser script anyway.
Indeed, for now, when we run the jk_jailuser tool script several time, a check
is made on the presence of the user in the /etc/passwd file (inside the jail)
and on the homedir existence.
It could be great to also check the UID/GID and update them if they doesn't
match with those from the system passwd file.
BTW: I can provide a patch for such enhancement if you are ok.
Thanks you
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?40711>
_______________________________________________
Message posté via/par Savannah
http://savannah.nongnu.org/
- [Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user against UID/GID,
Declercq Laurent <=