Date: Mon, 12 Apr 2010 09:08:01 -0400 From: Greg Larkin <glarkin@FreeBSD.org> To: "Erich Jenkins, Fuujin Group Ltd" <erich@fuujingroup.com> Cc: freebsd-bugs@freebsd.org, freebsd-jail@freebsd.org Subject: Re: jail file and directory permissions Message-ID: <4BC31B31.6060201@FreeBSD.org> In-Reply-To: <4BC2E662.1050007@fuujingroup.com> References: <4BC2C578.9080108@fuujingroup.com> <i2l8250ac3f1004120043ga734bbe0s952dda5712ea38a5@mail.gmail.com> <4BC2E662.1050007@fuujingroup.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Erich Jenkins, Fuujin Group Ltd wrote: > Kalle M=C3=B8ller wrote: > <snip> >> Could you please make a command list on what your doing and with >> output.. like this ... >> >> --=20 >> >> Med Venlig Hilsen >> >> Kalle R. M=C3=B8ller > </snip> >=20 > Here's what I'm seeing: >=20 > jail0495> pwd > /usr/home/testuser > jail0495> ll > -rw------- 1 testuser rmtuser 1957 Apr 12 02:22 .history > drwxr--r-- 2 root wheel 1024 Apr 12 02:22 testdir > jail0495> users > testuser > jail0495> cd testdir > jail0495> ll > -rw-r--r-- 2 root wheel 4096 Apr 12 02:24 textfile.txt > jail0495> rm textfile.txt > override rw-r--r-- root/wheel for textfile.txt ? y > jail0495> ll > total 0 > jail0495> >=20 > As you can see, this is of great concern. >=20 Hi Erich, I use jails extensively on my company systems here, so I am interested in this problem. I set up a test environment that I believe mirrors your= s: jail54# pwd /usr/home/glarkin jail54# ls -al testdir total 6 drwxr--r-- 2 root wheel 512 Apr 12 08:52 . drwxr-xr-x 5 glarkin glarkin 512 Apr 12 08:52 .. - -rw-r--r-- 1 root wheel 7 Apr 12 08:52 foo.txt jail54# # exit [glarkin@jail54 ~]$ cd testdir - -bash: cd: testdir: Permission denied [glarkin@jail54 ~]$ rm testdir/foo.txt rm: testdir/foo.txt: Permission denied [glarkin@jail54 ~]$ rm -rf testdir rm: testdir/foo.txt: Permission denied rm: testdir: Directory not empty My situation is slightly different than yours, since my jails are based on FreeBSD 6.4, instead of 7.x. As a first step to troubleshooting, please log in to your jail as your non-privileged user, run the following commands from its home directory, then post the permtest1.log and permtest2.log files somewhere that we can review them: truss -f -a -s 256 -o permtest1.log cd testdir truss -f -a -s 256 -o permtest2.log rm testdir/textfile.txt Also run the "df" and "mount" commands from the user's home directory inside the jail as well as from the same directory but outside of the jail context. Please post the output of those commands somewhere as well= . Thank you, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. http://twitter.com/sourcehosting/ - Follow me, follow you -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFLwxsx0sRouByUApARAtTPAJ9sacXc0MdWT9CwYUXTBu7i+Ks+qwCePUN4 D5EwzGjeAaCCdMMtsbr0G60=3D =3DYPlm -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BC31B31.6060201>