[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#835516: General: Incorrect permissions on /bin for Debian Jessie

Package: general
Severity: important

Dear Debian developers,

I am currently testing ISPConfig with Debian Jessie and Jailkit.

Apparently the chrooted SSH users are not able to log on. I'm using
Debian GNU/Linux Jessie (8.5) with Jailkit 2.19. When reviewing
/var/log/auth.log at the time that the users try to connect via SSH, is
logged something as the following:

Jun 27 15:37:57 ispconfig jk_chrootsh[19240]: path /var/www/clients/client1/web7/bin/ is group writable
Jun 27 15:37:57 ispconfig jk_chrootsh[19240]: abort, /var/www/clients/client1/web7 is not a safe jail, check ownership and permissions.

Adding the following to
/usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh solves the

chmod g-w $CHROOT_HOMEDIR/bin

I think that jailkit just copies the permissions that Debian has set as
default for /bin which are different now according to the jailkit shell.

There seems to be a difference in the permissions for stable compared to

root@pfc:~# cat /etc/debian_version
root@pfc:~# ls -ld /bin/
drwxr-xr-x 2 root root 4096 mar  6 16:14 /bin/

root@ispconfig:/var/www/clients/client1/web11# cat /etc/debian_version
root@ispconfig:/var/www/clients/client1/web11# ls -ld /bin/
drwxrwxr-x 2 root root 4096 Jun  9 16:20 /bin/
root@ispconfig:/var/www/clients/client1/web11# ls -ld ./bin/
drwxr-xr-x 2 root root 4096 Jun 28 15:37 ./bin/

Although I'm not sure why the Debian developers did this change or if it
is a bug.

Kind regards,

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Ing. Daniel Bareiro

Opción Libre - Soberanía tecnológica para su empresa
WWW: http://www.opcion-libre.com.ar
Tel: +54 11 5235-3090
Correo-e: contacto@opcion-libre.com.ar

Attachment: signature.asc
Description: Digital signature

Reply to: