[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user aga

jailkit-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user aga

From:	Declercq Laurent
Subject:	[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user against UID/GID
Date:	Tue, 26 Nov 2013 16:47:31 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36

URL:
  <http://savannah.nongnu.org/bugs/?40711>

                 Summary: Enhancement - jk_jailuser must match user against
UID/GID
                 Project: Jailkit
            Submitted by: nuxwin
            Submitted on: mar. 26 nov. 2013 16:47:30 GMT
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

Hello ;

Often, a jailed SSH user is set with UID and GID of an existent user on the
system. For instance, it's the case of some ISP control panel (i-MSCP,
ispConfig...), which allow to setup a restricted SHELL for the customers:

1. An unix user without any privilege is created, which is used to run PHP/CGI
scripts, give an ftp access...
2. An another SSH user with identical UID/GID is created, which is jailed
using JailKit

Well, the problem with this pattern is that if the UID/GID of the "parent
user" are changed, the properties of the jailed SSH user must be changed too.
While this change is done easily using the usermod command, updating the
passwd file inside the jail is not so simple and furthermore should stay a
concern of the jk_jailuser script anyway.

Indeed, for now, when we run the jk_jailuser tool script several time, a check
is made on the presence of the user in the /etc/passwd file (inside the jail)
and on the homedir existence.

It could be great to also check the UID/GID and update them if they doesn't
match with those from the system passwd file.

BTW: I can provide a patch for such enhancement if you are ok.

Thanks you




    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?40711>

_______________________________________________
  Message posté via/par Savannah
  http://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user against UID/GID, Declercq Laurent <=
- Re: [Jailkit-dev] [bug #40711] Enhancement - jk_jai luser must match user against UID/GID, Richard Scott, 2013/11/27

Prev by Date: [Jailkit-dev] [bug #36906] jk_init xterm broken on Debian Squeeze
Next by Date: Re: [Jailkit-dev] [bug #40711] Enhancement - jk_jai luser must match user against UID/GID
Previous by thread: [Jailkit-dev] [bug #36906] jk_init xterm broken on Debian Squeeze
Next by thread: Re: [Jailkit-dev] [bug #40711] Enhancement - jk_jai luser must match user against UID/GID
Index(es):
- Date
- Thread