From: "James Edwards"
To: lconrad@Go2France.com
Cc: freebsd-questions@freebsd.org
Date: Wed, 22 Aug 2012 22:14:32 -0400
Subject: Re: Problem with r-o access in jail

> Want a nullfs filesystem to be read-only for tech people to search-only
> maillog files.
>
> host machine's files:
>
> /var/log/mx1/maillog* files
>
> the maillog files are all 644 and r bit is set all along the path
>
>
> using ezjail
>
> jail root is /var/jails
>
> jail name is fixit
>
> mkdir -p /var/jails/fixit/mx1
>
> fixit/mx1 dir has 644 and r bit is set all along the path
>

The directory permissions should have the execute bit set; they should be
set to 755 instead of 644.

> mount_nullfs -o ro /var/log/mx1 /var/jails/fixit/mx1
>
>
> "ezjail-admin console fixit" as fixit jail root user
>
>
> I add a user fixit:fixit
>
>
> ssh logon to fixit jail's ip as user fixit
>
> ll /mx1
>
> gives nothing but:
>
> ls: maillog.45.bz2: Permission denied
> ls: maillog.46.bz2: Permission denied
> ls: maillog.47.bz2: Permission denied
> ls: maillog.48.bz2: Permission denied
> ls: maillog.49.bz2: Permission denied
> ls: maillog.5.bz2: Permission denied
> ls: maillog.50.bz2: Permission denied
> ls: maillog.51.bz2: Permission denied
>

If your permissions are set to 644 on the directories, this is the result
of 'ls'. After changing the directories' permissions to 755, the
'Permission denied' errors will stop.

>
>
> ezjail-admin console fixit
>
> ...shows the /mx1/maillog* files all to be 644
>
> If move the jail fixit user from group fixit to group wheel, user fixit
> has access to /mx1/maillog* files.
>
> suggestions?
>
> thanks,
> Len

--
Regards,
James Edwards
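
Added example, not part of the original message: a shell check for the condition described in the reply, a directory that can be listed but not searched. It walks from a path up to / and prints every directory whose mode lacks the execute bit for "other"; the function names and the scratch layout built by demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find directories on the way to a
# path that "other" users can at most list, but not search.

# The 10th character of the `ls -ld` mode string is the "other" execute
# bit: drw-r--r-- gives "-", drwxr-xr-x gives "x", drwxrwxrwt gives "t".
other_x() {
    ls -ld "$1" | cut -c10
}

# Walk from an absolute directory path up to / and print every directory
# that lacks the search (x) bit for "other". Returns 1 if any was found.
unsearchable_dirs() {
    dir=$1
    found=0
    case $dir in
        /*) ;;
        *)  echo "need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        case $(other_x "$dir") in
            x|t) ;;                               # searchable
            *)   printf '%s\n' "$dir"; found=1 ;; # listable at most
        esac
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$found"
}

# Constructed layout mirroring the thread: a mount point created with
# mode 644 below a jail root (scratch directory, hypothetical paths).
demo() {
    base=$(mktemp -d "${TMPDIR:-/tmp}/nullfs-demo.XXXXXX") || return 2
    mkdir -p "$base/jails/fixit/mx1"
    chmod 755 "$base" "$base/jails" "$base/jails/fixit"
    chmod 644 "$base/jails/fixit/mx1"
    rc=0
    unsearchable_dirs "$base/jails/fixit/mx1" || rc=$?
    chmod 755 "$base/jails/fixit/mx1"
    rm -rf "$base"
    return "$rc"
}

# Stand-alone use: pass the absolute path of the directory to check.
if [ $# -gt 0 ]; then unsearchable_dirs "$1"; fi
```

The check reads mode bits only, so it gives the same answer when run as root, which would otherwise bypass the permission failure.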