Date:      Wed, 20 Nov 2019 13:26:52 +0100 (CET)
From:      Ronald Klop <ronald-lists@klop.ws>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        freebsd-stable <freebsd-stable@freebsd.org>, Miroslav Lachman <000.fbsd@quip.cz>, Christos Chatzaras <chris@cretaforce.gr>
Subject:   Re: jexec as user?
Message-ID:  <1232388449.5.1574252812064@localhost>
In-Reply-To: <b09b04ac-bd76-e53f-3177-2444f16a30f1@grosbein.net>
References:  <1237616943.9.1574163726832@localhost> <a572c2ec-52b6-0999-9106-75051cfc9821@sentex.net> <F75AA78E-EC55-49F8-9CEA-AB6C6F0BD742@cretaforce.gr> <06464ab7-abc4-9ee4-a27e-9e4591eebc83@quip.cz> <1244063778.4.1574243275499@localhost> <b09b04ac-bd76-e53f-3177-2444f16a30f1@grosbein.net>

Yeah, ssh is also possible. See my original mail :-) https://lists.freebsd.org/pipermail/freebsd-stable/2019-November/091742.html

I run my jails with "ip4 = inherit;". So I would need to do some port-forwarding trickery with ssh on different ports.
The users already log in on the host to do various actions. Jailme gives the easiest access without too much maintenance for now.

Regards,
Ronald.
 
From: Eugene Grosbein <eugen@grosbein.net>
Date: Wednesday, 20 November 2019 11:44
To: Ronald Klop <ronald-lists@klop.ws>, Miroslav Lachman <000.fbsd@quip.cz>
CC: Christos Chatzaras <chris@cretaforce.gr>, freebsd-stable <freebsd-stable@freebsd.org>
Subject: Re: jexec as user?
> 
> 20.11.2019 16:47, Ronald Klop wrote:
> 
> > Thanks for all the advice. I am indeed looking for using jail from the non-root user in the host. Jailme sounds like a good solution.
> >
> > My use case is providing a relatively safe way of giving a user the possibility to experiment with root rights (like creating and installing ports) without wrecking the host system.
> > The users are trusted so it is not so much about security. More about keeping the host system clean.
> 
> You also could run ssh service inside the jail and give users opportunity to experiment with ssh and keys :-)
>  
> 
> 
> 
To: freebsd-stable@freebsd.org
From: Jon Tibble <meths@btinternet.com>
Subject: 12.0->12.1 and beadm/bectl issues
Message-ID: <f5643762-181a-68c1-3326-0c1ab13b27ad@btinternet.com>
Date: Wed, 20 Nov 2019 13:37:14 +0000

Hi,

After upgrading from 12.0-RELEASE-p11 to 12.1-RELEASE I was having some 
issues with kld_load and linux support which, after searching [1], 
seemed due to a missing /boot folder after the upgrade.
This was fixed with 'ln -s /bootpool/boot /boot'.

Then yesterday when I was trying to switch from quarterly packages to 
latest I wanted to use a new boot environment and so went through the 
beadm create and beadm activate but it wouldn't activate with a 
zpool.cache cp message and it left the new BE mounted under /tmp.
After umounting and destroying I repeated the process with bectl and it 
worked fine, however, upon reboot I was not in the new BE but the same 
BE and the new one was still marked as activated for use next boot.

So firstly: are the be* issues related to the earlier upgrade fix?

Secondly: shouldn't beadm and bectl behave the same?

Thirdly: how can I properly activate and boot to a new BE?

Below is the command output of the beadm/bectl process described above. 
If there's any more information I can provide please let me know.

Thanks,
Jon

[1] https://forums.freebsd.org/threads/cannot-identify-running-kernel-after-upgrading-to-freebsd-12.68772/


This is a two disk mirrored zpool on GELI with encrypted swap as 
configured out of the box by the 12.0 installer.

root@prometheus:~ # uname -a
FreeBSD prometheus 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC  amd64
root@prometheus:~ # beadm list
BE                        Active Mountpoint  Space Created
12_0-RELEASE-p11          -      -            1.1G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly NR     /           32.7G 2019-11-05 22:24
root@prometheus:~ # beadm create test
Created successfully
root@prometheus:~ # beadm list
BE                        Active Mountpoint  Space Created
12_0-RELEASE-p11          -      -            1.1G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly NR     /           32.7G 2019-11-05 22:24
test                      -      -            8.0K 2019-11-20 13:24
root@prometheus:~ # beadm activate test
cp: /tmp/BE-test.pJtR9Rs6/boot/zfs/zpool.cache and /boot/zfs/zpool.cache are identical (not copied).
root@prometheus:~ # beadm list
BE                        Active Mountpoint             Space Created
12_0-RELEASE-p11          -      -                       1.1G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly NR     /                      32.7G 2019-11-05 22:24
test                      -      /tmp/BE-test.pJtR9Rs6 136.0K 2019-11-20 13:24
root@prometheus:~ # beadm umount test
Unmounted successfully
root@prometheus:~ # beadm list
BE                        Active Mountpoint  Space Created
12_0-RELEASE-p11          -      -            1.1G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly NR     /           32.7G 2019-11-05 22:24
test                      -      -          136.0K 2019-11-20 13:24
root@prometheus:~ # beadm destroy test
Are you sure you want to destroy 'test'?
This action cannot be undone (y/[n]): y
Destroyed successfully
root@prometheus:~ # beadm list
BE                        Active Mountpoint  Space Created
12_0-RELEASE-p11          -      -            1.1G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly NR     /           32.7G 2019-11-05 22:24
root@prometheus:~ # bectl list
BE                        Active Mountpoint Space Created
12_0-RELEASE-p11          -      -          1.14G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly NR     /          32.7G 2019-11-05 22:24
root@prometheus:~ # bectl create test
root@prometheus:~ # bectl list
BE                        Active Mountpoint Space Created
12_0-RELEASE-p11          -      -          1.14G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly NR     /          32.7G 2019-11-05 22:24
test                      -      -          8K    2019-11-20 13:25
root@prometheus:~ # bectl activate test
successfully activated boot environment test
root@prometheus:~ # bectl list
BE                        Active Mountpoint Space Created
12_0-RELEASE-p11          -      -          1.14G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly N      /          8K    2019-11-05 22:24
test                      R      -          32.7G 2019-11-20 13:25
root@prometheus:~ # beadm list
BE                        Active Mountpoint  Space Created
12_0-RELEASE-p11          -      -            1.1G 2019-10-29 21:33
12_1-RELEASE-p1-quarterly N      /            8.0K 2019-11-05 22:24
test                      R      -           32.7G 2019-11-20 13:25
root@prometheus:~ #

Following a reboot I'll still be running in 12_1-RELEASE-p1-quarterly 
and test will still be marked R.


