Jail broken in latest build

hostpc.com

hostpc.com

Verified User
Joined
Aug 2, 2003
Messages
1,053
Location
Schenectady, NY
CentOS 5, 32 bit ..

Newly installed server, jailshell setup on initial config. Customer just moved to this server, old server (less than a year old build), same versions, was working fine.

Customer is trying to run a script via SSH executing PHP CLI:

<?
echo "TEST\n";
?>
Click to expand...

Executed as root, the script runs without an issue:


[root@www534 cron]# pwd
/home/USERNAME/domains/customersdomain.com/public_html/admin/cron
[root@www534 cron]# php -q test.php
TEST
[root@www534 cron]#
Click to expand...

When run as user USERNAME, it fails:
[root@www534 cron]# su USERNAME
bash-3.2$ php -q test.php
php: error while loading shared libraries: libmysqlclient.so.15: cannot open shared object file: No such file or directory
bash-3.2$
Click to expand...


Tracked this down to a missing library not installed properly with the latest release of the jail script. I tried to symlink it in the customers /lib directory

libmysqlclient.so.15 -> /usr/lib/libmysqlclient.so.15

still not working. I'm reluctant to do a hard link, doing so would allow the customer to overwrite - with RW access.

My questions are, what changed in the jail script - who changed it (was this another user - or DA admins?) and most importantly, how can it be fixed quickly?

Thank you
 
I think you have to copy libmysqlclient.so.15 to the user's lib directory and chown it to the user. Give it a try. At least it will help track down the problem.
 
Hmm. So the symlink didn't work, but copying the actual file over did.

Now, we gotta get DA to fix the jail script so it'll automatically do that for all jailed users.


Thanks Floyd - 'preciate the help.

Joe
 
I am really just guessing. I know it copies all the files it needs. It does not provide symlinks that I know of. I think the jail only lets it run files within the home directory. I don't think it is allowed to follow symlinks as that would create a security problem. The user would be able to create the symlink themselves to any program outside their home directory.

It would be nice if DA fixed it but I think you can probably open the script and fix it yourself for now until they do fix it. Just find where it copies the other files.
 
You must log in or register to reply here.
Back
Top