jailkit-dev

[Jailkit-dev] jk_jailuser bugs


From: Stephen Tallowitz
Subject: [Jailkit-dev] jk_jailuser bugs
Date: Thu, 10 Nov 2005 22:14:20 +0100

Hello Olivier,

Sorry about posting my comments on jk_jailuser to the jailkit-users list, it 
really should have gone on this list.

On Thu, 10 Nov 2005 20:05:26 +0100
Stephen Tallowitz <address@hidden> wrote:
> myhost cvs-src # jk_jailuser -j /srv/jaily -v -s /bin/bash -m jailtest
> adding user jailtest to /srv/jaily/etc/passwd with shell /bin/bash
> adding group users to /srv/jaily/etc/group
> modify user jailtest; dir /srv/jaily/./home/jailtest/ and shell /usr/sbin/jk_chrootsh
> creating directory /srv/jaily/./home/jailtest
> moving files from /home/jailtest/ to /srv/jaily/./home/jailtest/
> Traceback (most recent call last):
>   File "/usr/sbin/jk_jailuser", line 250, in ?
>     main()
>   File "/usr/sbin/jk_jailuser", line 241, in main
>     jailuser(jail, username, movehome, config)
>   File "/usr/sbin/jk_jailuser", line 146, in jailuser
>     os.rename(pw[5], newhome)
> OSError: [Errno 18] Invalid cross-device link

I've figured out the error. My /home is on a different filesystem than /srv, 
thus just creating a new hard link within the same filesystem will not work, 
the data really has to be copied to the other filesystem (creating a new hard 
link is what os.rename() does in Python). Follow this thread in the mailing 
list for possible solutions:
http://mail.python.org/pipermail/python-list/2005-February/266552.html

When jk_jailuser isn't able to copy (or move) the home directory, there are 
some interesting follow-up effects:

1. /srv/jaily/home/jailtest (which is empty), has the following permissions:
drwxr-xr-x  2 root root 4096 10. Nov 22:05 jailtest

2. Thus running jk_jailuser for the second time produces:
myhost ~ # jk_jailuser -j /srv/jaily -v -s /bin/bash -m jailtest
user jailtest already exists in /srv/jaily/etc/passwd
user jailtest has a correct home directory and shell already
moving files from /srv/jaily/./home/jailtest/ to /srv/jaily/./home/jailtest/

3. Logging in as jailtest isn't possible of course, as chrootsh correctly 
checks the permissions of /srv/jaily/home/jailtest:
Nov 10 22:08:40 [jk_socketd] listening on socket /srv/jaily/dev/log with rates [1024:1024]/2
Nov 10 22:08:48 [login(pam_unix)] session opened for user jailtest by LOGIN(uid=0)
Nov 10 22:08:48 [jk_chrootsh] abort, path /srv/jaily/./home/jailtest/ is not owned 1006:100
Nov 10 22:08:48 [login(pam_unix)] session closed for user jailtest

There are probably a few more situations where moving (or copying) the home 
directory isn't successful. One case I can think of is that the destination 
filesystem gets full in the middle of transferring the home directory. What 
should jk_jailuser do then?

Cheers,
Stephen
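
Added example, not part of the original message and not Jailkit's own code: one way a home-directory move can handle the cross-device error, the same-path second run, and a copy that fails midway, so that the jail never ends up with a root-owned or half-filled home. The names move_home, _copy_owner and the rename parameter are hypothetical, and the sketch assumes the caller does not pre-create the destination directory.

```python
import errno
import os
import shutil
import tempfile

def _copy_owner(src, dst):
    """Give dst the uid/gid of src (needs root when they differ)."""
    want, have = os.lstat(src), os.lstat(dst)
    if (want.st_uid, want.st_gid) != (have.st_uid, have.st_gid):
        os.lchown(dst, want.st_uid, want.st_gid)

def move_home(src, dst, rename=os.rename):
    """Move src to dst, also across filesystems; src is kept on any failure."""
    src, dst = os.path.realpath(src), os.path.realpath(dst)
    if src == dst:
        raise ValueError("source and destination are the same directory")
    if os.path.lexists(dst):
        raise FileExistsError(errno.EEXIST, "destination already exists", dst)
    try:
        rename(src, dst)              # same filesystem: one atomic step
        return "renamed"
    except OSError as exc:
        if exc.errno != errno.EXDEV:  # only the cross-device case falls through
            raise
    # Cross-device: stage the copy in a private (0700) directory next to dst,
    # so the final rename stays on one filesystem and is atomic.
    stage = tempfile.mkdtemp(prefix=".jk_move.", dir=os.path.dirname(dst))
    try:
        tree = os.path.join(stage, "home")
        shutil.copytree(src, tree, symlinks=True)   # copies modes, not owners
        _copy_owner(src, tree)
        for root, dirs, files in os.walk(tree):
            for name in dirs + files:
                path = os.path.join(root, name)
                _copy_owner(os.path.join(src, os.path.relpath(path, tree)), path)
        os.rename(tree, dst)
    finally:
        shutil.rmtree(stage, ignore_errors=True)    # a partial copy never stays
    shutil.rmtree(src)                # only reached once dst is complete
    return "copied"
```

If the copy runs out of space, the exception propagates with the original home intact and nothing left at the destination, so a later run starts from a clean state.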




