jk_chrootsh

Hi,

At the beginning of this article (http://www.interworx.com/support/docs/nodeworx/shell/howto-enable-jailed-shells), there are two notices.  One says that the jail kit is enabled by default since version 2.1.0 and everything has been taken care of by default.  Next, there is a notice that says that this process is only needed when you don't see the /usr/sbin/jk_chrootsh shell in the list.

The problem is that both notes are right in our case.  Everything described in the whole procedure seems to have been done during installation but we still do not see the /usr/sbin/jk_chrootsh shell in the list.  Also, when we use another shell (like bash), the user has access to the whole server's directory structure since he is not jailed...

We have tried adding /usr/sbin/jk_chrootsh in the /etc/shells file and saw it appearing in the list but it is unusable (seems to act just as /sbin/nologin).

Is there a way to add the /usr/sbin/jk_chrootsh shell in the "Shell Accounts" section in a manner that, when applied to a user afterwards, it can be used and the user is jailed?

Thanks for any help!

Try this and see if it helps:

yum reinstall jailkit

Paul

Thanks for your reply Paul!

Done, now I see the jailed shell in the shell list but it still does the same thing. It asks for user/pass or user/key and then just kicks me out after authentication…

That typically means that /chroot/etc/passwd and group may be too locked down to allow the jailed UID to access those files - which are necessary for login - and thus you get booted out on login. Typically an error message will be dumped to /var/log/secure which may help you determine the cause of why you are being kicked out.

You can also open a support ticket with us if you are stuck.

I ran into a similar issue after having /bin/bash enabled for a user and trying to change it to jailshell. Logs showed:

jk_chrootsh[19100]: abort, homedir '/home/username' for user username (501) does not contain the jail separator <jail>/./<home>

There was no entry in /chroot/etc/passwd for the user, and /etc/passwd showed the standard /home/username home dir for the user rather than /chroot/./home/username.

Repeatedly disabling and re-enabling and switching shells around didn’t seem to fix anything until I hit upon a set of steps that seems to fix the issue.

  1. disable shell access for the user
  2. set shell access to /sbin/nologin
  3. enable shell access for the user
  4. set shell to /usr/sbin/jk_chrootsh

Once I did that, everything was correct for the user, and now I cannot recreate the issue, either.
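
A read-only check for the conditions described in this thread: a jk_chrootsh account whose home directory lacks the /./ jail separator, a missing entry in the jail's etc/passwd, and a jail passwd file that is too locked down to be read. This is an added example, not part of the original posts and not InterWorx or Jailkit code; the function names, the optional ROOT argument and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit accounts whose login shell is /usr/sbin/jk_chrootsh.
# Usage: check_jailed_users PASSWD_FILE [ROOT]
# ROOT is a hypothetical prefix for checking a copied tree; default is "".
check_jailed_users() {
    passwd_file=$1 root=${2:-} bad=0
    # passwd(5) fields: name:pw:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw uid _gid _gecos home shell; do
        [ "$shell" = /usr/sbin/jk_chrootsh ] || continue
        case $home in
            */./*) ;;
            *)  # the condition jk_chrootsh aborts on in the log line above
                echo "$name ($uid): home '$home' lacks the <jail>/./<home> separator"
                bad=1; continue ;;
        esac
        # Everything before the separator is the jail root, e.g. /chroot
        jail_passwd=$root${home%%/./*}/etc/passwd
        if [ ! -f "$jail_passwd" ]; then
            echo "$name ($uid): $jail_passwd not found"; bad=1
        elif ! awk -F: -v u="$name" '$1 == u { f = 1 } END { exit !f }' "$jail_passwd"; then
            echo "$name ($uid): no entry in $jail_passwd"; bad=1
        elif [ -z "$(find "$jail_passwd" -perm -004)" ]; then
            echo "$name ($uid): $jail_passwd is not world-readable"; bad=1
        fi
    done < "$passwd_file"
    return "$bad"
}

# Constructed sample tree: alice is set up correctly, username reproduces the
# symptom from the thread, bob has the separator but no entry inside the jail.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/chroot/etc"
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/chroot/./home/alice:/usr/sbin/jk_chrootsh
username:x:501:501::/home/username:/usr/sbin/jk_chrootsh
bob:x:502:502::/chroot/./home/bob:/usr/sbin/jk_chrootsh
EOF
    echo 'alice:x:500:500::/home/alice:/bin/bash' > "$d/chroot/etc/passwd"
    chmod 644 "$d/chroot/etc/passwd"
    echo "$d"
}
```

On a live server the call would be check_jailed_users /etc/passwd, run as root; it only reads files and changes nothing.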