Plesk 9.3 / Debian Lenny - chroot-login nicht möglich!

S

subTH

New Member
Nach einem Upgrade auf Debian Lenny ist kein Login für chrooted-User mehr möglich:

Hier der Ausschnitt aus dem Plesk 9.3 Upgrade-Log:

Code: 
 Trying to install chrooted environment... `/bin/bash' -> `bash'
`/lib/libncurses.so.5' -> `/var/www/vhosts/chroot/lib/libncurses.so.5'
`/lib/libdl.so.2' -> `/var/www/vhosts/chroot/lib/libdl.so.2'
`/lib/libc.so.6' -> `/var/www/vhosts/chroot/lib/libc.so.6'
`/bin/cat' -> `cat'
`/lib/libc.so.6' -> `/var/www/vhosts/chroot/lib/libc.so.6'
`/bin/cp' -> `cp'
`/lib/libselinux.so.1' -> `/var/www/vhosts/chroot/lib/libselinux.so.1'
[...]
`/lib/libpthread.so.0' -> `/var/www/vhosts/chroot/lib/libpthread.so.0'
`/usr/bin/groups' -> `groups'
groups: text/x-shellscript
probably it will not work in chrooted acconts

WARNING!
During the register groups in chrooted environment found some problems
Continue...
[...]



Beim Versuch sich einzuloggen erscheint im auth.log (Loglevel DEBUG):

Code: 
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Feb 14 13:24:27 vsxxxxxx sshd[9985]: debug1: Forked child 23971.
Feb 14 13:24:27 vsxxxxxx sshd[23971]: error opening /proc/self/oom_adj: No such file or directory
Feb 14 13:24:27 vsxxxxxx sshd[23971]: error opening /proc/self/oom_adj: No such file or directory
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: inetd sockets after dupping: 3, 3
Feb 14 13:24:27 vsxxxxxx sshd[23971]: Connection from xx.xx.xx.xxx port 58831
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-6ubuntu2
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: match: OpenSSH_5.1p1 Debian-6ubuntu2 pat OpenSSH*
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Enabling compatibility mode for protocol 2.0
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-5
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: PAM: initializing for "xxx"
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: PAM: setting PAM_RHOST to "xdsl-87-79-85-199.netcologne.de"
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: PAM: setting PAM_TTY to "ssh"
Feb 14 13:24:27 vsxxxxxx sshd[23971]: Failed none for xxx from xx.xx.xx.xxx port 58831 ssh2
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: temporarily_use_uid: 10004/2523 (e=0/0)
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: trying public key file /var/www/vhosts/atheisten.org/.ssh/authorized_keys
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: restore_uid: 0/0
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: temporarily_use_uid: 10004/2523 (e=0/0)
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: trying public key file /var/www/vhosts/atheisten.org/.ssh/authorized_keys
Feb 14 13:24:27 vsxxxxxx sshd[23971]: debug1: restore_uid: 0/0
Feb 14 13:24:27 vsxxxxxx sshd[23971]: Failed publickey for xxx from xx.xx.xx.xxx port 58831 ssh2
Feb 14 13:24:33 vsxxxxxx sshd[23971]: debug1: PAM: password authentication accepted for xxx
Feb 14 13:24:34 vsxxxxxx sshd[23971]: debug1: do_pam_account: called
Feb 14 13:24:36 vsxxxxxx sshd[23971]: Accepted password for xxx from xx.xx.xx.xxx port 58831 ssh2
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: monitor_child_preauth: xxx has been authenticated by privileged process
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: PAM: establishing credentials
Feb 14 13:24:36 vsxxxxxx sshd[23971]: pam_unix(sshd:session): session opened for user xxx by (uid=0)
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: SELinux support disabled
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: PAM: establishing credentials
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: permanently_set_uid: 10004/2523
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: Entering interactive session for SSH2.
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_init_dispatch_20
Feb 14 13:24:36 vsxxxxxx sshd[23971]: User child is on pid 25942
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_channel_open: ctype session rchan 0 win 1048576 max 16384
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: input_session_request
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: channel 0: new [server-session]
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_new: session 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_open: channel 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_open: session 0: link with channel 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_channel_open: confirm session
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: server_input_channel_req: channel 0 request pty-req reply 1
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_input_channel_req: session 0 req pty-req
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: Allocating pty.
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: session_new: session 0
Feb 14 13:24:36 vsxxxxxx sshd[23971]: debug1: SELinux support disabled
Feb 14 13:24:36 vsxxxxxx sshd[25942]: debug1: session_pty_req: session 0 alloc /dev/pts/2
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: server_input_channel_req: channel 0 request env reply 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_input_channel_req: session 0 req env
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: server_input_channel_req: channel 0 request shell reply 1
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_input_channel_req: session 0 req shell
Feb 14 13:24:37 vsxxxxxx sshd[26113]: debug1: Setting controlling tty using TIOCSCTTY.
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: Received SIGCHLD.
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_pid: pid 26113
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_exit_message: session 0 channel 0 pid 26113
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_exit_message: release channel 0
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: session_by_tty: session 0 tty /dev/pts/2
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_by_channel: session 0 channel 0
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: session_pty_cleanup: session 0 release /dev/pts/2
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_close_by_channel: channel 0 child 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: session_close: session 0 pid 0
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: channel 0: free: server-session, nchannels 1
Feb 14 13:24:37 vsxxxxxx sshd[25942]: Connection closed by xx.xx.xx.xxx
Feb 14 13:24:37 vsxxxxxx sshd[25942]: debug1: do_cleanup
Feb 14 13:24:37 vsxxxxxx sshd[25942]: Transferred: sent 2248, received 2256 bytes
Feb 14 13:24:37 vsxxxxxx sshd[25942]: Closing connection to xx.xx.xx.xxx port 58831
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: PAM: cleanup
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: PAM: deleting credentials
Feb 14 13:24:37 vsxxxxxx sshd[23971]: debug1: PAM: closing session
Feb 14 13:24:37 vsxxxxxx sshd[23971]: pam_unix(sshd:session): session closed for user xxx


Hat jemand ähnliche Probleme oder sogar eine Lösung?
 
Last edited by a moderator:
Habe versucht als root /opt/psa/bin/chrootsh auszuführen mit folgendem Ergebnis:

Code: 
# /opt/psa/bin/chrootsh 
mkdtemp() failed
system error: No such file or directory

Hilft mir leider nicht viel weiter :(
 
Ich habe das Problem gelöst!
Plesk hat wohl "vergessen" alle Libraries in den lib-Ordner der chroot Umgebung zu kopieren.

Hier meine libs zum Vergleich:

Code: 
root@xxx:/var/www/vhosts/xxx/lib# ls -l
insgesamt 8284
-rwxr-xr-x  4 root root  113248 15. Mär 22:25 ld-linux.so.2
-rw-r--r--  4 root root   24800 15. Mär 22:25 libacl.so.1
-rw-r--r--  4 root root   14744 15. Mär 22:25 libattr.so.1
-rw-r--r--  4 root root    8676 15. Mär 22:25 libcom_err.so.2
-rw-r--r--  4 root root 1375588 12. Jan 08:29 libcrypto.so.0.9.8
-rw-r--r--  4 root root   38296 15. Mär 22:25 libcrypt.so.1
-rwxr-xr-x  4 root root 1294572 15. Mär 22:25 libc.so.6
-rw-r--r--  4 root root    9680 15. Mär 22:25 libdl.so.2
-rw-r--r--  1 root root   49676 15. Mär 23:08 libgcc_s.so.1
-rw-r--r--  4 root root   18588  7. Mär 2007  libgpm.so.1
-rw-r--r--  4 root root   19140 30. Nov 2008  libgpm.so.2
-rw-r--r--  4 root root  169076  7. Jan 21:58 libgssapi_krb5.so.2
-rw-r--r--  4 root root  147392  7. Jan 21:58 libk5crypto.so.3
-rw-r--r--  4 root root    5744 15. Mär 22:25 libkeyutils.so.1
-rw-r--r--  4 root root  607284  7. Jan 21:58 libkrb5.so.3
-rw-r--r--  4 root root   27876  7. Jan 21:58 libkrb5support.so.0
-rw-r--r--  1 root root  149328 15. Mär 23:01 libm.so.6
-rw-r--r--  1 root root 1995676 15. Mär 23:08 libmysqlclient.so.15
-rw-r--r--  4 root root  202188 15. Mär 22:25 libncurses.so.5
-rw-r--r--  4 root root   79608 15. Mär 22:25 libnsl.so.1
-rw-r--r--  4 root root   30436 15. Mär 22:25 libnss_compat.so.2
-rw-r--r--  4 root root   17880 15. Mär 22:25 libnss_dns.so.2
-rw-r--r--  4 root root   38408 15. Mär 22:25 libnss_files.so.2
-rw-r--r--  4 root root   17856 21. Jan 19:05 libnss_hesiod.so.2
-rw-r--r--  4 root root   38340 21. Jan 19:05 libnss_nisplus.so.2
-rw-r--r--  4 root root   34320 21. Jan 19:05 libnss_nis.so.2
-rw-r--r--  1 root root   33284 15. Mär 23:02 libpopt.so.0
-rwxr-xr-x  4 root root  112012 15. Mär 22:25 libpthread.so.0
-rw-r--r--  1 root root  200548 15. Mär 23:02 libreadline.so.5
-rw-r--r--  4 root root   63312 15. Mär 22:25 libresolv.so.2
-rw-r--r--  4 root root   30624 15. Mär 22:25 librt.so.1
-rw-r--r--  4 root root   95964 15. Mär 22:25 libselinux.so.1
-rw-r--r--  4 root root  219824 15. Nov 2006  libsepol.so.1
-rw-r--r--  1 root root  946216 15. Mär 23:03 libstdc++.so.6
-rw-r--r--  4 root root    9684 15. Mär 22:25 libutil.so.1
-rw-r--r--  4 root root   81012  6. Apr 2008  libz.so.1
drwxr-xr-x 15 root root    4096 14. Feb 03:28 terminfo
 
You must log in or register to reply here.
Back
Top