Date:      Wed, 22 Aug 2012 22:14:32 -0400
From:      "James Edwards" <jedwards@bsdftw.org>
To:        lconrad@Go2France.com
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Problem  with r-o access in jail
Message-ID:  <b4c59ed5f7251e751320eb1913b8b7a2.squirrel@webmail.bsdftw.org>
In-Reply-To: <201208211727.AA529531400@mail.Go2France.com>
References:  <201208211727.AA529531400@mail.Go2France.com>

> Want a nullfs filesystem to be read-only for tech people to search-only
> maillog files.
>
> host machine's files:
>
> /var/log/mx1/maillog* files
>
> the maillog files are all 644 and r bit is set all along the path
>
>
> using ezjail
>
> jail root is /var/jails
>
> jail name is fixit
>
> mkdir -p /var/jails/fixit/mx1
>
> fixit/mx1 dir has 644 and r bit is set all along the path
>

The directory permissions should have the execute bit set; they should be
set to 755 instead of 644.

> mount_nullfs -o ro /var/log/mx1 /var/jails/fixit/mx1
>
>
> "ezjail-admin console fixit"  as fixit jail root user
>
>
> I add a user fixit:fixit
>
>
> ssh logon to fixit jail's ip as  user fixit
>
> ll /mx1
>
> gives nothing but:
>
> ls: maillog.45.bz2: Permission denied
> ls: maillog.46.bz2: Permission denied
> ls: maillog.47.bz2: Permission denied
> ls: maillog.48.bz2: Permission denied
> ls: maillog.49.bz2: Permission denied
> ls: maillog.5.bz2: Permission denied
> ls: maillog.50.bz2: Permission denied
> ls: maillog.51.bz2: Permission denied
>

If your permissions are set to 644 on the directories, this is the result
of 'ls'.  After changing the directories' permissions to 755, the
'Permission denied' errors will stop.

>
>
> ezjail-admin console fixit
>
> ...shows the  /mx1/maillog* files all to be 644
>
> If I move the jail fixit user from group fixit to group wheel, user fixit
> has access to /mx1/maillog* files.
>
> suggestions?
>
> thanks,
> Len

-- 
Regards,
James Edwards
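
The reply above turns on the directory execute (search) bit: with mode 644, names in a directory can be listed but the files cannot be stat'ed or opened. The shell function below is an added example, not part of the original message; it walks from a target up to / and reports every directory that lacks the search bit for "other" users. The function names are hypothetical, and it assumes the user being checked is neither owner nor in the group of those directories.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical.

# Print the 10-character mode string from ls, e.g. "drw-r--r--".
mode_of() {
    ls -ldL "$1" 2>/dev/null | cut -c1-10
}

# Walk from the target up to /, printing "MODE PATH" for each directory
# whose "other" execute bit (10th character) is missing. 'x' and 't'
# (sticky plus execute) both count as searchable.
missing_search_bit() {
    p=$1
    # Make relative paths absolute so the upward walk ends at /.
    case $p in
        /*) ;;
        *) p=$PWD/$p ;;
    esac
    # If given a file (or something we cannot stat), start at its directory.
    [ -d "$p" ] || p=$(dirname "$p")
    while :; do
        m=$(mode_of "$p")
        case $m in
            d????????[xt]) ;;                      # searchable by "other"
            d*) printf '%s %s\n' "$m" "$p" ;;      # e.g. 644: list only
        esac
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
}

# Usage on the jail host or inside the jail, e.g.:
#   missing_search_bit /var/jails/fixit/mx1
# Any line printed names a directory to fix with chmod o+x (or 755).
```

Run it against both the source directory and the nullfs mount point, since the search bit must be present on every component of both paths.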




