Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    kopano-admin / kopano-cli in chroot jail?

    General Discussion
    2
    2
    355
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • s_wolff
      s_wolff last edited by

      Hello,

      I have the following task to give a (non-privileged) user ssh access to our server, so that he can create, modify and delete kopano accounts on his own via the command line interface tools. But the constraint is, that this user should have no access to other areas of the server and should stay in his home folder at best.

      First of all I thought, I could create a chroot environment. I copied the binary and the libs (according to ldd) to the respective folders, but it’s not working (executed in the chroot environment):

      $ kopano-admin 
      kopano-admin: /usr/lib/libkcssl.so.0: version 'KC_8.5.6' not found (required by kopano-admin)
      /usr/sbin/kopano-admin: /usr/lib/libkcarchiver.so.0: version 'KC_8.5.6' not found (required by /usr/sbin/kopano-admin)
      #...
      
      $ ll /usr/lib/libkcssl.so.0
      lrwxrwxrwx 1 0 0 17 Sep  3 13:08 /usr/lib/libkcssl.so.0 -> libkcssl.so.0.0.0
      $ ll /usr/lib/libkcssl.so.0.0.0 
      -rw-r--r-- 1 0 0 39984 Sep  4 13:57 /usr/lib/libkcssl.so.0.0.0
      

      So is the chroot jail a possible solution at all? Are there any better options for the task?

      The server is running under Ubuntu 16.04. with the db_plugin. Switching to LDAP is not an option.

      1 Reply Last reply Reply Quote 0
      • jengelh
        jengelh Banned last edited by

        You seem to be having a mismatching libkcarchiver.so.0 that is not actually from 8.5.6.

        So is the chroot jail a possible solution at all?

        I see no impedients to it. kopano-admin can run unprivileged, and it can connect either via filesystem-based socket, or HTTPS with a SSL certificate (to authenticate as the Kopano Admin).

        1 Reply Last reply Reply Quote 0
        • First post
          Last post