Package: general
Severity: important

Dear Debian developers,

I am currently testing ISPConfig with Debian Jessie and Jailkit. Apparently the chrooted SSH users are not able to log on. I'm using Debian GNU/Linux Jessie (8.5) with Jailkit 2.19.

When reviewing /var/log/auth.log at the time that the users try to connect via SSH, something like the following is logged:

-------------------------------------------------------------------------
Jun 27 15:37:57 ispconfig jk_chrootsh[19240]: path /var/www/clients/client1/web7/bin/ is group writable
Jun 27 15:37:57 ispconfig jk_chrootsh[19240]: abort, /var/www/clients/client1/web7 is not a safe jail, check ownership and permissions.
-------------------------------------------------------------------------

Adding the following to /usr/local/ispconfig/server/scripts/create_jailkit_chroot.sh solves the problem:

    chmod g-w $CHROOT_HOMEDIR/bin

I think that jailkit just copies the permissions that Debian has set as default for /bin which are different now according to the jailkit shell.

There seems to be a difference in the permissions for stable compared to oldstable:

-------------------------------------------------------------------------
root@pfc:~# cat /etc/debian_version
7.10
root@pfc:~# ls -ld /bin/
drwxr-xr-x 2 root root 4096 mar 6 16:14 /bin/
-------------------------------------------------------------------------

-------------------------------------------------------------------------
root@ispconfig:/var/www/clients/client1/web11# cat /etc/debian_version
8.5
root@ispconfig:/var/www/clients/client1/web11# ls -ld /bin/
drwxrwxr-x 2 root root 4096 Jun 9 16:20 /bin/
root@ispconfig:/var/www/clients/client1/web11# ls -ld ./bin/
drwxr-xr-x 2 root root 4096 Jun 28 15:37 ./bin/
-------------------------------------------------------------------------

Although I'm not sure why the Debian developers made this change or if it is a bug.

Kind regards,
Daniel

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--
Ing. Daniel Bareiro
Opción Libre - Soberanía tecnológica para su empresa
WWW: http://www.opcion-libre.com.ar
Tel: +54 11 5235-3090
Correo-e: conta...@opcion-libre.com.ar
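An added example, not part of the original report and not jailkit's or ISPConfig's own code: a shell audit that lists every directory in a jail with the group-write or other-write bit set, the condition named in the auth.log lines above, then applies the report's `chmod g-w` workaround and re-checks. It looks only at write bits (ownership is not checked), and the jail layout it builds in a temporary directory is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a chroot jail for group- or world-writable directories.

# Print each directory under jail root $1 (the root included) that has the
# group-write or other-write bit set. Returns 1 if any were found, else 0.
unsafe_jail_dirs() {
    found=$(find "$1" -xdev -type d \( -perm -020 -o -perm -002 \) -print | sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Build a constructed jail in a temp directory. bin/ gets mode 775, the mode
# the report shows for /bin on Debian 8.5; every other directory is 755.
make_demo_jail() {
    jail=$(mktemp -d)
    mkdir -p "$jail/bin" "$jail/lib" "$jail/home/demo"
    chmod 755 "$jail" "$jail/lib" "$jail/home" "$jail/home/demo"
    chmod 775 "$jail/bin"
    printf '%s\n' "$jail"
}

# Show the audit before and after the workaround from the report.
demo() {
    jail=$(make_demo_jail)
    echo "before fix, unsafe directories:"
    unsafe_jail_dirs "$jail" || true
    chmod g-w "$jail/bin"
    if unsafe_jail_dirs "$jail" >/dev/null; then
        echo "after fix: no group- or world-writable directories"
    fi
    rm -rf "$jail"
}

demo
```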