JailShell question, with multiple home folders

[jandafields]

I know that JailShell keeps a user inside their own folder.

If a user's folder is on home2, cPanel automatically puts a symlink on home pointing to their folder so that services can always use home and not care where their folder really is.

With JailShell, however, it will not allow a user to access their folder on home2 through the symlink on home.

This works:
/home2/userfolder

This does not work:
/home/userfolder

If you move a user folder to a bigger partition, they then have to manually update their paths, especially in cron which uses JailShell.

So, is that the way that JailShell is *supposed* to work? Or shouldn't the users still be able to use /home with the symlink, because they are still inside their own folder.

Thanks.

 

[cPanelMichael]

Hello,

Could you verify how you are moving the user directories? Are you using the "Rearrange An Account" option in Web Host Manager? Also, what version of cPanel is installed on this system?

Thank you.

 

[jandafields]

I'm not moving the folders, I think they automatically get created in whatever partition has the most space at the time. v58.

So, if a user has a script that references something in /home/user/, it is permission denied. But if a user has a script that references something in /home2/user, it is allowed.

 

[cPanelMichael]

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[jandafields]

That doesn't really answer my question. It's a yes/no question.

While inside JailShell, should a user located at "/home2/user" be able to access and write to their own files by using "/home/user"?

 

[cPanelMichael]

If a user's folder is on home2, cPanel automatically puts a symlink on home pointing to their folder so that services can always use home and not care where their folder really is.

Hello,

This is only applicable when using the "Rearrange an Account" feature. Creating a new account on a different home directory does not result in the creation of a symbolic link in the /home directory. You can do this manually with a command such as:

ln -s /home2/user123 /home/user123

While inside JailShell, should a user located at "/home2/user" be able to access and write to their own files by using "/home/user"?

Edit to note: This is by design for the jailed shell environment. You will need to assign the account regular shell access to circumvent this limitation.

Thank you.

 

[jandafields]

Trying this across multiple versions. Please see below. Note that the jailed user CANNOT access their directory through a symlink because of the jailed access. Are you *SURE* that jailed users should be able to access symlinks outside of their account?

ROOT USER CAN ACCESS SYMLINKS TO AN ACCOUNT:

[root@server2 ~]# whoami
root
[root@server2 ~]# cd /home/testuser
[root@server2 testuser]# pwd
/home/testuser
[root@server2 testuser]# cd /home4/testuser
[root@server2 testuser]# pwd
/home4/testuser
[root@server2 testuser]#

JAILED USER CANNOT ACCESS SYMLINKS TO AN ACCOUNT:

[testuser@server2 ~]$ whoami
testuser
[testuser@server2 ~]$ pwd
/home4/testuser
[testuser@server2 ~]$ cd /home/testuser
-jailshell: cd: /home/testuser: No such file or directory
[testuser@server2 ~]$ cd /home4/testuser
[testuser@server2 ~]$ pwd
/home4/testuser
[testuser@server2 ~]$

 

[cPanelMichael]

Hello,

Thank you for providing the steps to reproduce the issue. I've confirmed the same result. This is by design for the jailed shell environment. You will need to assign the account regular shell access to circumvent this limitation.

Thank you.

 

[jandafields]

Hello,

Thank you for providing the steps to reproduce the issue. I've confirmed the same result. This is by design for the jailed shell environment. You will need to assign the account regular shell access to circumvent this limitation.

Thank you.

Thank you for that information, but what was your previous answer referring to when you said that logging in and out and back in would allow it to work?

While inside JailShell, should a user located at "/home2/user" be able to access and write to their own files by using "/home/user"?

Yes, however after the creation of the symbolic link, the user must access SSH in the jailed shell environment, log out, and access it again before it begins to function.

 

[cPanelMichael]

Thank you for that information, but what was your previous answer referring to when you said that logging in and out and back in would allow it to work?

Hello,

When using "Rearrange an Account" in WHM, the home directory of the account is not immediately updated when accessing jailed shell. The account must login, logout, and then login again before jailed shell reflects the new home directory. Internal case FB-141949 is open to address this issue.

Thank you.