|Subject:||Re: [Jailkit-dev] [bug #40711] Enhancement - jk_jai luser must match user against UID/GID|
|Date:||Wed, 27 Nov 2013 09:30:45 +0000|
It would be handy if the script updated the group and passwd files inside the jail after the local systems account has been created.
Does it work with more than one user per jail. What if the users are in different groups? what if the user is in more than one group?
On 26/11/2013 16:47, Declercq Laurent wrote:
URL: <http://savannah.nongnu.org/bugs/?40711> Summary: Enhancement - jk_jailuser must match user against UID/GID Project: Jailkit Submitted by: nuxwin Submitted on: mar. 26 nov. 2013 16:47:30 GMT Category: None Severity: 3 - Normal Item Group: None Status: None Privacy: Public Assigned to: None Open/Closed: Open Discussion Lock: Any _______________________________________________________ Details: Hello ; Often, a jailed SSH user is set with UID and GID of an existent user on the system. For instance, it's the case of some ISP control panel (i-MSCP, ispConfig...), which allow to setup a restricted SHELL for the customers: 1. An unix user without any privilege is created, which is used to run PHP/CGI scripts, give an ftp access... 2. An another SSH user with identical UID/GID is created, which is jailed using JailKit Well, the problem with this pattern is that if the UID/GID of the "parent user" are changed, the properties of the jailed SSH user must be changed too. While this change is done easily using the usermod command, updating the passwd file inside the jail is not so simple and furthermore should stay a concern of the jk_jailuser script anyway. Indeed, for now, when we run the jk_jailuser tool script several time, a check is made on the presence of the user in the /etc/passwd file (inside the jail) and on the homedir existence. It could be great to also check the UID/GID and update them if they doesn't match with those from the system passwd file. BTW: I can provide a patch for such enhancement if you are ok. Thanks you _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?40711> _______________________________________________ Message posté via/par Savannah http://savannah.nongnu.org/ _______________________________________________ Jailkit-dev mailing list address@hidden https://lists.nongnu.org/mailman/listinfo/jailkit-dev
|[Prev in Thread]||Current Thread||[Next in Thread]|