From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 21 15:27:40 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2B9D0106579A
	for <freebsd-questions@freebsd.org>;
	Tue, 21 Aug 2012 15:27:40 +0000 (UTC)
	(envelope-from lconrad@Go2France.com)
Received: from mgw1.MEIway.com (mgw1.meiway.com [81.255.84.75])
	by mx1.freebsd.org (Postfix) with ESMTP id E4A738FC14
	for <freebsd-questions@freebsd.org>;
	Tue, 21 Aug 2012 15:27:39 +0000 (UTC)
Received: from VirusGate.MEIway.com (virusgate.meiway.com [81.255.84.76])
	by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 0F49E472BFF
	for <freebsd-questions@freebsd.org>;
	Tue, 21 Aug 2012 17:27:36 +0200 (CEST)
Received: from mail.Go2France.com (ms1.meiway.com [81.255.84.73])
	by VirusGate.MEIway.com (Postfix) with ESMTP id 6636E386643
	for <freebsd-questions@freebsd.org>;
	Tue, 21 Aug 2012 17:27:36 +0200 (CEST)
	(envelope-from lconrad@Go2France.com)
Date: Tue, 21 Aug 2012 17:27:28 +0200
Message-Id: <201208211727.AA529531400@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
From: "Len Conrad " <lconrad@Go2France.com>
X-Sender: <lconrad@Go2France.com>
To: <freebsd-questions@freebsd.org>
X-Mailer: <IMail v7.07>
Subject: Problem  with r-o access in jail
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: lconrad@Go2France.com
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2012 15:27:40 -0000


Want a nullfs filesystem to be read-only for tech people to search-only maillog files.

host machine's files:

/var/log/mx1/maillog* files

the maillog files are all 644 and r bit is set all along the path


using ezjail

jail root is /var/jails

jail name is fixit

mkdir -p /var/jails/fixit/mx1

fixit/mx1 dir has 644 and r bit is set all along the path

mount_nullfs -o ro /var/log/mx1 /var/jails/fixit/mx1


"ezjail-admin console fixit"  as fixit jail root user


I add a user fixit:fixit


ssh logon to fixit jail's ip as  user fixit

ll /mx1

gives nothing but:

ls: maillog.45.bz2: Permission denied
ls: maillog.46.bz2: Permission denied
ls: maillog.47.bz2: Permission denied
ls: maillog.48.bz2: Permission denied
ls: maillog.49.bz2: Permission denied
ls: maillog.5.bz2: Permission denied
ls: maillog.50.bz2: Permission denied
ls: maillog.51.bz2: Permission denied



ezjail-admin console fixit 

...shows the  /mx1/maillog* files all to be 644

If move the jail fixit user from group fixit to group wheel, user fixit has access to /mx1/maillog* files.

suggestions?

thanks,
Len