[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006
|
From: |
Steve Wegner |
|
Subject: |
RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006 |
|
Date: |
Wed, 25 Oct 2006 08:52:24 -0500 |
Olivier,
I don't quite know what to make of the strace output. It is below in its
entirety, sorry for length. Also if I change shell to bash in real
/etc/passwd sftp works great, but I can of course also get a shell and
navigate around the server, which is not desired.
Strace output:
$ strace /usr/lib/ssh/sftp-server
execve("/usr/lib/ssh/sftp-server", ["/usr/lib/ssh/sftp-server"], [/* 51
vars */]) = 0
uname({sys="Linux", node="host.domain.com", ...}) = 0
brk(0) = 0x8052000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7fcc000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=90516, ...}) = 0
old_mmap(NULL, 90516, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fb5000
close(3) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 3
read(3, "address@hidden"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=63276, ...}) = 0
old_mmap(NULL, 71784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7fa3000
old_mmap(0xb7fb1000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe000) = 0xb7fb1000
old_mmap(0xb7fb3000, 6248, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7fb3000
close(3) = 0
open("/usr/lib/libcrypto.so.0.9.7", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\312"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1068912, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7fa2000
old_mmap(NULL, 1086820, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0xb7e98000
old_mmap(0xb7f8c000, 73728, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf3000) = 0xb7f8c000
old_mmap(0xb7f9e000, 13668, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f9e000
mprotect(0xbfae1000, 4096,
PROT_READ|PROT_WRITE|PROT_EXEC|PROT_GROWSDOWN) = 0
close(3) = 0
open("/lib/libutil.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\f\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9660, ...}) = 0
old_mmap(NULL, 12432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7e94000
old_mmap(0xb7e96000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0xb7e96000
close(3) = 0
open("/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\26"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=73184, ...}) = 0
old_mmap(NULL, 76140, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7e81000
old_mmap(0xb7e93000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11000) = 0xb7e93000
close(3) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2405\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=68576, ...}) = 0
old_mmap(NULL, 79872, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7e6d000
old_mmap(0xb7e7d000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xf000) = 0xb7e7d000
old_mmap(0xb7e7f000, 6144, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e7f000
close(3) = 0
open("/lib/libcrypt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\10\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=21872, ...}) = 0
old_mmap(NULL, 184604, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0xb7e3f000
old_mmap(0xb7e44000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x4000) = 0xb7e44000
old_mmap(0xb7e46000, 155932, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e46000
close(3) = 0
open("/usr/lib/libgssapi_krb5.so.2", O_RDONLY) = 3
read(3, "address@hidden"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=105504, ...}) = 0
old_mmap(NULL, 104336, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0xb7e25000
old_mmap(0xb7e3e000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0xb7e3e000
close(3) = 0
open("/usr/lib/libkrb5.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\365\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=533332, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7e24000
old_mmap(NULL, 536312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0xb7da1000
old_mmap(0xb7e22000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x80000) = 0xb7e22000
close(3) = 0
open("/usr/lib/libk5crypto.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3005\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=163452, ...}) = 0
old_mmap(NULL, 163044, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0xb7d79000
old_mmap(0xb7da0000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x27000) = 0xb7da0000
close(3) = 0
open("/lib/libcom_err.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000\t\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=5752, ...}) = 0
old_mmap(NULL, 8808, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7d76000
old_mmap(0xb7d78000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0xb7d78000
close(3) = 0
open("/lib/tls/libc.so.6", O_RDONLY) = 3
read(3, "address@hidden"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1246360, ...}) = 0
old_mmap(NULL, 1252316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0xb7c44000
old_mmap(0xb7d70000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12c000) = 0xb7d70000
old_mmap(0xb7d74000, 7132, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7d74000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\f\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9600, ...}) = 0
old_mmap(NULL, 12404, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7c40000
old_mmap(0xb7c42000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0xb7c42000
close(3) = 0
open("/usr/lib/libkrb5support.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\n\0\000"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=10828, ...}) = 0
old_mmap(NULL, 13824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0xb7c3c000
old_mmap(0xb7c3f000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0xb7c3f000
close(3) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c3b000
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7c3a000
mprotect(0xb7d70000, 4096, PROT_READ) = 0
mprotect(0xb7fe2000, 4096, PROT_READ) = 0
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7c3a6c0,
limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
limit_in_pages:1, seg_not_present:0, useable:1}) = 0
munmap(0xb7fb5000, 90516) = 0
open("/dev/null", O_RDWR|O_LARGEFILE) = 3
close(3) = 0
brk(0) = 0x8052000
brk(0x8073000) = 0x8073000
dup(0) = 3
dup(1) = 4
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL) = ? ERESTARTNOHAND (To be
restarted)
--- SIGWINCH (Window changed) @ 0 (0) ---
select(5, [3], [], NULL, NULL
) = 1 (in [3])
read(3, " \n", 16384) = 2
select(5, [3], [], NULL, NULL
) = 1 (in [3])
read(3, "\n", 16384) = 1
select(5, [3], [], NULL, NULL
) = 1 (in [3])
read(3, "\n", 16384) = 1
select(5, [3], [], NULL, NULL
) = 1 (in [3])
read(3, "\n", 16384) = 1
write(2, "bad message \r\n", 14bad message
) = 14
exit_group(11) = ?
Process 15692 detached
-----Original Message-----
From: jailkit-users-bounces On Behalf Of Olivier Sessink
Sent: Wednesday, October 25, 2006 1:04 AM
To: address@hidden
Subject: Re: [Jailkit-users] issue with jk_jailuser on Mandriva 2006
Steve Wegner wrote:
> Trying to get Jail kit sftp scp only to work.
>
> My user is test, my jail is /var/sftproot
>
> When I run jk_jailuser I get:
>
> # jk_jailuser -m -j /var/sftproot test Traceback (most recent call
> last):
> File "/usr/sbin/jk_jailuser", line 297, in ?
> main()
> File "/usr/sbin/jk_jailuser", line 288, in main
> jailuser(jail, username, movehome, config)
> File "/usr/sbin/jk_jailuser", line 177, in jailuser
> shutil.copy(oldhome, newhome)
> File "/usr/lib/python2.4/shutil.py", line 81, in copy
> copyfile(src, dst)
> File "/usr/lib/python2.4/shutil.py", line 47, in copyfile
> fsrc = open(src, 'rb')
> IOError: [Errno 21] Is a directory
this is the last step, the users home directory is moved to the jail.
I'll have to see why this fails.
> When I do it this way I try to sftp and my connection appears
> succsesful but closes connection right away. Log file says:
>
> Oct 24 22:32:40 hostname sshd[3546]: Accepted password for test from
> 10.11.12.13 port 8281 ssh2
> Oct 24 22:32:40 hostname sshd[3548]: subsystem request for sftp Oct 24
> 22:32:40 hostname jk_chrootsh[3549]: now entering jail /var/sftproot
> for user test (512) Oct 24 22:32:40 hostname jk_lsh[3549]: jk_lsh
> version 2.1, started Oct 24 22:32:40 hostname jk_lsh[3549]: executing
> command '/usr/lib/ssh/sftp-server' for user test (512)
>
> That's as far as I can get.
this is the point where jailkit is finished and everything should work
(because the sftp server is started). I've never seen it failing in this
stage... I don't have a solution, but I have some ideas for debugging:
1) use `strace` as described in the howto to see why sftp-server fails
2) change the shell in the real /etc/passwd to bash and see if you can
use sftp (does sftp work at all on your system for this user)
regards,
Olivier
_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users
- [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Steve Wegner, 2006/10/24
- Re: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Olivier Sessink, 2006/10/25
- RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006,
Steve Wegner <=
- Re: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Olivier Sessink, 2006/10/25
- RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Steve Wegner, 2006/10/25
- Re: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Olivier Sessink, 2006/10/25
- RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Steve Wegner, 2006/10/25
- RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Steve Wegner, 2006/10/25
- RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Steve Wegner, 2006/10/25
- Re: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Olivier Sessink, 2006/10/26
- RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Steve Wegner, 2006/10/26
- Re: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Olivier Sessink, 2006/10/26
- RE: [Jailkit-users] issue with jk_jailuser on Mandriva 2006, Steve Wegner, 2006/10/26