The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sendmail not available via Jailshell

Discussion in 'E-mail Discussions' started by LinuxFreaky, Apr 26, 2003.

  1. LinuxFreaky

    LinuxFreaky Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Is Sendmail available via Jailshell? I did a "whereis sendmail" and got:

    sendmail: /usr/lib/sendmail

    However running that got me a:

    jailshell: /usr/lib/sendmail: No such file or directory

    Doing a ls -las on /usr/lib/sendmail I find the problem:

    /usr/lib/sendmail -> ../sbin/exim

    It's actually linking to /usr/sbin/exim, which the jailshell forbids.

    How can users have access to sendmail via the jailshell command line then?
     
  2. techark

    techark Well-Known Member

    Joined:
    May 22, 2002
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    My question is why would you want some one to use SSH to send mail from your server any way ?
     
  3. bmcpanel

    bmcpanel Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    546
    Likes Received:
    0
    Trophy Points:
    16
    I have had users that use mutt and pine on my server and, to be honest, it makes me nervous. I had one user who was logged in using mutt all the time. He was a shady character. I watched him and watched him everyday. He seemed to always be logged in via SSH. Finally, I removed mutt and pine on his server. He didn't complain, which made me even more nervous. Anyway, I agree that people should not bother with sendmail via SSH. Use a regular mail program or scripts instead.
     
  4. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    Your scripts need to have access to it as well. The fact that sendmail is not available in the jailroot shell prevents that user's perl and shell scripts from sending out email. This impacts thousands of CGI-based applications!

    I can't believe this still hasn't been addressed!
     
  5. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Check on this.

    -myshell-2.05b$ /usr/sbin/sendmail
    exim: neither action flags nor mail addresses given

    -myshell-2.05b$ /usr/sbin/exim
    exim: neither action flags nor mail addresses given

    (this is a jailed shell I just didn't like the name) :D
     
  6. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    What WHM/CP version are you running? The entire /usr/sbin directory is not available at all in ours (we also changed the prompt as jailroot seemed so 'evil').
     
  7. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    We are running a mix of both RH 7.3 and RH 8 servers all with Cpanel 6.4.1-E31
     
  8. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    How did you change the jailprompt name? i get tons of peeps calling about that.
     
  9. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    You got a newer version (we're at 6.4.0). Maybe it was just recently fixed. We'll upgrade one machine tonight and see if it goes well.

    Thx,
    Jaz
     
  10. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Make a symlink to jailshell

    cd /usr/local/cpanel/bin
    ln -s jailshell myshell
    chattr +i myshell (so it does not get removed) :)

    Then in /etc/passwd replace jailshell with myshell

    Done.

    And since you have to manually give some jailshell (I hate that) just add the extra step of editing the passwd file.

    Once cpanel figures out to make this an automated option on account signup, it will be fairly easy then to change the name automatically as well.
     
  11. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    Thanks!
     
  12. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    Dont' forget to add the shell to the /etc/shells file. If you created the symlink /bin/myshell, then add /bin/myshell as the last line in the /etc/shells file.

    BTW, I gave the cP crew detailed instructions on how to allow this to be a 'tweak setting' over a month ago. Who knows if they'll ever add it.

    Jaz
     
  13. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Didn't need to add it to shells, hmm, that's wierd.
     
  14. AbeFroman

    AbeFroman BANNED

    Joined:
    Feb 16, 2002
    Messages:
    654
    Likes Received:
    1
    Trophy Points:
    0
    Is this so you dont have to change it in /etc/passwd each time you add a new account?
     
  15. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    If you don't add it to /etc/shells, you won't be able to FTP into the server with an account using that shell.
     
  16. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    jsteel - not that I am doubting you, but that is not the case with us.

    220-=(<*>)=-.:. (( Welcome to PureFTPd 1.0.12 )) .:.-=(<*>)=-
    220-You are user number 14 of 250 allowed.
    220-Local time is now 19:08 and the load is 0.00. Server port: 21.
    220 You will be disconnected after 15 minutes of inactivity.
    USER dgbaxxx
    331 User dgbaxxx OK. Password required
    PASS (not shown)
    230-User dgbaxxx has group access to: dgbaxxx
    230 OK. Current restricted directory is /

    [/etc]# more shells
    /bin/sh
    /bin/bash
    /sbin/nologin
    /bin/bash2
    /bin/ftpsh
    /usr/local/cpanel/bin/noshell
    /usr/local/cpanel/bin/jailshell


    -myshell-2.05b$ whoami
    dgbaxxx
    -myshell-2.05b$
     
  17. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    Maybe it doesn't impact PureFTPd. We use ProFTPd and had the issue. There are a number of threads here about the problem as well.

    Jaz
     
  18. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Ahh!! That makes sense. I really hate Proftp. I found Pure to be much better, for me and clients not having the logs is worth the speed increase alone.
     
  19. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    As it turns out, we are running the latest RELEASE version (we don't put EDGE builds on our servers), and the /usr/sbin directory isn't available in jailroot. It must have been added to the 6.4.1E builds. We'll just have to wait for the next RELEASE and hope it has it.

    Jaz
     
  20. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    do you have the /usr/local/cpanel/bin/setupvirtfs script? if so you might be able to to modify that
     
Loading...

Share This Page