[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user aga
[Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user against UID/GID
Tue, 26 Nov 2013 16:47:31 +0000
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.48 Safari/537.36
Summary: Enhancement - jk_jailuser must match user against
Submitted by: nuxwin
Submitted on: mar. 26 nov. 2013 16:47:30 GMT
Severity: 3 - Normal
Item Group: None
Assigned to: None
Discussion Lock: Any
Often, a jailed SSH user is set with UID and GID of an existent user on the
system. For instance, it's the case of some ISP control panel (i-MSCP,
ispConfig...), which allow to setup a restricted SHELL for the customers:
1. An unix user without any privilege is created, which is used to run PHP/CGI
scripts, give an ftp access...
2. An another SSH user with identical UID/GID is created, which is jailed
Well, the problem with this pattern is that if the UID/GID of the "parent
user" are changed, the properties of the jailed SSH user must be changed too.
While this change is done easily using the usermod command, updating the
passwd file inside the jail is not so simple and furthermore should stay a
concern of the jk_jailuser script anyway.
Indeed, for now, when we run the jk_jailuser tool script several time, a check
is made on the presence of the user in the /etc/passwd file (inside the jail)
and on the homedir existence.
It could be great to also check the UID/GID and update them if they doesn't
match with those from the system passwd file.
BTW: I can provide a patch for such enhancement if you are ok.
Reply to this item at:
Message posté via/par Savannah
- [Jailkit-dev] [bug #40711] Enhancement - jk_jailuser must match user against UID/GID,
Declercq Laurent <=