From owner-freebsd-bugs Wed Jan 23 10:14: 4 2002 Delivered-To: freebsd-bugs@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 8DA0337B400 for ; Wed, 23 Jan 2002 10:13:52 -0800 (PST) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id g0NIDUv28012; Wed, 23 Jan 2002 20:13:30 +0200 (EET) (envelope-from ru) Date: Wed, 23 Jan 2002 20:13:30 +0200 From: Ruslan Ermilov To: Gerald Pfeifer Cc: freebsd-bugs@freebsd.org Subject: Re: bin/34159: chroot man page-implementation mismatch Message-ID: <20020123201330.A25404@sunbay.com> References: <20020123192515.D9922@sunbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.23i Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Jan 23, 2002 at 06:44:11PM +0100, Gerald Pfeifer wrote: > Thanks for the quick response! > > On Wed, 23 Jan 2002, Ruslan Ermilov wrote: > >> "This command can be run only by the super-user." > > Why? I can run it under a normal user account. This is chroot(2) > > syscall that doesn't allow it to execute, not chroot(8), and > > chroot(2) is properly documented. > > Are you sure? As a regular user, I always get > > chroot: $DIRNAME: Operation not permitted > chroot: /: Operation not permitted > : > > regardless of the directory (/tmp/, lokal disk, NFS mount, even /), I > specify, whereas exactly the same command executed as root works just > fine. > The point here is that chroot(8) doesn't have a code that prevents it from working under non-root, but chroot(2) does. chroot(8) can be EXECUTED by a regular user too, but the result will be different. Also, chroot(8) behaves differently under jails. > Would you mind providing an example how this works for a regular user so > that I can test it? > jail(8) then chroot(8). :-) > >> o "exec's command" should most probably read "exec's command relative > >> to newroot". > > IMO, the preceding "changes its root directory to the supplied directory > > newroot" makes things clear without this. Commands are not executed > > "relative to some directory". > > My suggestion was based on what Sun's technical writers used for Solaris 8, > which are native speakers (unlike you or me). > I don't bye these, sorry. :-) > In any case, the current documentation in FreeBSD does not make it clear > enough that command (if specified) and especially the "interactive copy > of your shell" already are with respect to the newly set root. > I disagree. It's clear that "chroot(8) changes its root directory to that specified, and then executes the command or a shell". Please note that the current directory is not affected by chroot(2) syscall, see manpage for details. > Also, the documentation does not make it clear that "your shell" > apparently refers to the shell in /etc/passwd, not the shell you're > currently running. > How it could be unclear from reading the ENVIRONMENT section that chroot(8) runs ${SHELL} or /bin/sh if SHELL is unset? Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message