
CageFS still showing files that shouldn't be visible to user


  • CageFS still showing files that shouldn't be visible to user

    Fresh CentOS 6.5 install, followed by Plesk 12.0.18, followed by CloudLinux and CageFS. CageFS was initialized, users are all jailed in CageFS, and the skeleton has been updated.

    When I SSH to the server as one of the domain owners, the user can still see the real contents of directories like /etc, configuration files, and so on. Not sure why this is, and I'm hoping for some guidance on what setup step I might have missed. I looked at the CageFS skeleton files, and the sensitive files I am seeing are not part of the skeleton.

    Also, minor quality control point, perhaps an issue for the Plesk folks, but the Plesk Extensions area shows CageFS version as "0.0" and offers the description "GageFS".

  • #2
    Please check if lve is enabled in ssh pam; /etc/pam.d/sshd should contain the following:

    > session required pam_lve.so 100 1

    Also, please check the account UID, and be sure it's greater than minuid ( cagefsctl --get-min-uid ).



    • #3
      Bogdan, thanks for the reply.

      /etc/pam.d/sshd file:

      #%PAM-1.0
      auth required pam_sepermit.so
      auth include password-auth
      account required pam_nologin.so
      account include password-auth
      password include password-auth
      # pam_selinux.so close should be the first session rule
      session required pam_selinux.so close
      session required pam_loginuid.so
      # pam_selinux.so open should only be followed by sessions to be executed in the user context
      session required pam_selinux.so open env_params
      session optional pam_keyinit.so force revoke
      session include password-auth
      session required pam_lve.so 500 1
      ~

      # cagefsctl --get-min-uid
      10000

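The two checks from post #2, applied to the kind of output shown in post #3, as an added example that is not part of the thread or of CloudLinux's tooling. The meaning of the two pam_lve.so arguments (minimum UID, then a CageFS on/off flag) is an assumption here, as are the function names and the sample UIDs.

```shell
#!/bin/sh
# Added example (not CloudLinux code). Real use, as root on the server:
#   check_cage "$(id -u USER)" "$(cagefsctl --get-min-uid)" < /etc/pam.d/sshd

# Constructed sample modelled on the sshd PAM file quoted in post #3.
SAMPLE_PAM='#%PAM-1.0
session    include      password-auth
#session   required     pam_lve.so 100 1
session    required     pam_lve.so 500 1'

# Read PAM text on stdin; print "<min_uid> <cagefs_flag>" taken from the last
# uncommented "session ... pam_lve.so" line. Exit status 1 if there is none.
pam_lve_args() {
    awk '$1 == "session" {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /(^|\/)pam_lve\.so$/) { a = $(i + 1); b = $(i + 2); found = 1 }
         }
         END { if (!found) exit 1; print a, b }'
}

# check_cage UID CAGEFS_MIN_UID   (PAM file on stdin)
# Prints one line per finding; returns 0 only if nothing was flagged.
check_cage() {
    uid=$1; cagefs_min=$2; rc=0
    args=$(pam_lve_args) || { echo "FAIL: no active pam_lve.so session line"; return 1; }
    pam_min=${args%% *}; flag=${args#* }
    case $pam_min in
        ''|*[!0-9]*) echo "FAIL: pam_lve.so has no numeric min UID argument"; return 1 ;;
    esac
    # Assumption: pam_lve skips UIDs below its first argument.
    [ "$uid" -ge "$pam_min" ] || { echo "FAIL: UID $uid is below pam_lve min UID $pam_min"; rc=1; }
    # Assumption: second argument 1 means CageFS is entered at session start.
    [ "$flag" = 1 ] || { echo "FAIL: pam_lve.so CageFS flag is '$flag', expected 1"; rc=1; }
    # Post #2: the account UID must be greater than the CageFS min UID.
    [ "$uid" -gt "$cagefs_min" ] || { echo "FAIL: UID $uid is not greater than CageFS min UID $cagefs_min"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: UID $uid passes the PAM and min UID checks"
    return "$rc"
}

# Demo on the constructed sample with constructed UIDs.
printf '%s\n' "$SAMPLE_PAM" | check_cage 10001 10000
printf '%s\n' "$SAMPLE_PAM" | check_cage 9000 10000 || true
```

A clean result only shows that the SSH PAM stack and the UID thresholds line up; it does not confirm that the session is actually running inside the cage.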


      • #4
        Any more help available on this issue?



        • #5
          Sorry, I missed your replies. I worry we would need to check the server directly. Please create a ticket in our support system and we will help you, then share a solution here.
