[BlueOnyx:23581] Re: ssh failure of migrated users

Maurice de Laat mdlaat at muisnetwerken.nl
Fri Jan 17 05:23:50 -05 2020 

Hi list & Michael,

It turns out I can set shell Access to 'none' which results in a 
badshell set in passwd, which is ok.

However, full shell access results in a chrooted shell. I set the 
debugflag in the user_shell handler. This is the log when setting a full 
shell access:
Jan 17 11:05:05 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : Available: 
/bin/badsh /bin/bash /bin/false /usr/sbin/jk_lsh /usr/sbin/jk_chrootsh
Jan 17 11:05:05 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : User testuser 
homedir: /home/.sites/site4/home/users/testuser
Jan 17 11:05:05 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : User testuser is a 
siteAdmin
Jan 17 11:05:05 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : User testuser 
potential jaildir: /home/.sites/site4/./home/users/testuser - passwd: 
/home/.sites/site4/etc/passwd
Jan 17 11:05:05 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : Case 4
Jan 17 11:05:05 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : 
user->{systemAdministrator}: 0 - user->{site}: site4 - user->{enabled}: 
1 - shell->{user}:  - shell->{enabled}: 3 - user->{name}: testuser
Jan 17 11:05:05 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : new shell is /bin/bash
Jan 17 11:05:06 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : Result: 0 - 0 - 
Everything was completed successfully.
Jan 17 11:05:06 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : Successful usermod, 
now fixing jails ...
Jan 17 11:05:06 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : Running: 
/usr/sbin/jk_jailuser -n -j /home/.sites/site4 -s /bin/bash testuser
Jan 17 11:05:07 centos8 journal[24592]: pperld 
/usr/sausalito/handlers/base/shell/user_shell.pl: : Return status from 
Shell mod via Unix::PasswdFile: /bin/bash
[root at centos8 shell]#


However, when checking passwd after this transaction, it still shows a 
chrooted shell:
[root at centos8 shell]# grep testuser /etc/passwd
testuser:x:1007:1003:testuser 
fullname:/home/.sites/site4/./home/users/testuser:/usr/sbin/jk_chrootsh

When changing from chrooted shell to full shell, the modified time of 
/etc/passwd gets changed, but the content of that file does not change.

--->*BUT*<--

There also is a file /etc/passwd- (note the - sign) which *does* contain 
the right shell:
[root at centos8 shell]# ls -la /etc/passwd*
-rw-r--r--  1 root root 3245 17 jan 11:17 /etc/passwd
-rw-r--r--. 1 root root 3231 17 jan 11:17 /etc/passwd-
-rw-r--r--  1 root root 3245 17 jan 11:16 /etc/passwd.backup
[root at centos8 shell]#

[root at centos8 shell]# grep testuser /etc/passwd-
testuser:x:1007:1003:testuser 
fullname:/home/.sites/site4/home/users/testuser:/bin/bash
[root at centos8 shell]#

Kind regards

Maurice

On 15-01-20 15:57, Maurice de Laat wrote:
> Hi list & Michael,
>
> I still am struggling with the issue outlined below. Installed a 
> virtual 5210R several times, but can not seem to get this working.
>
> Any pointers in the right direction?
>
> Kind regards
>
> Maurice
>
> On 02-12-19 22:35, Maurice de Laat wrote:
>> Hi Michael
>>
>> On 01-12-19 00:20, Michael Stauber wrote:
>>> Thank you for reporting this. I just published an updated 
>>> Easy-Migrate which fixes this issue. 
>> Thank you. However, there still seems to be a problem with this.
>>
>> Imported users that used to have (full) shell access on 5209R, don't 
>> get any shell access on 5210R, which is fine by me.
>>
>> I can give them chrooted shell access in the GUI which works.
>>
>> However, I can not seem to give them full shell access. I allow it in 
>> the site settings, and allow it in the user settings. The GUI 
>> confirms this with the "#>" token in GUI on the user-level. But both 
>> with full shell access as well as chrooted shell access, in 
>> /etc/passwd the shell for that user is always /usr/sbin/jk_chrootsh. 
>> So the user is only given chrooted shell access. So it seems.
>>
>
>

More information about the Blueonyx mailing list