Date: Mon, 12 Apr 2010 22:56:10 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: "Erich Jenkins, Fuujin Group Ltd" <erich@fuujingroup.com>
Cc: freebsd-bugs@freebsd.org, freebsd-jail@freebsd.org, Kalle Møller <freebsd-questions@k-moeller.dk>
Subject: Re: jail file and directory permissions
Message-ID: <20100412223953.K52200@sola.nimnet.asn.au>
In-Reply-To: <4BC2E662.1050007@fuujingroup.com>
References: <4BC2C578.9080108@fuujingroup.com> <i2l8250ac3f1004120043ga734bbe0s952dda5712ea38a5@mail.gmail.com> <4BC2E662.1050007@fuujingroup.com>

On Mon, 12 Apr 2010, Erich Jenkins, Fuujin Group Ltd wrote:
> Kalle Møller wrote:
> <snip>
> > Could you please make a command list on what you're doing and with output..
> > like this ...
> >
> > --
> >
> > Kind regards
> >
> > Kalle R. Møller
> </snip>
>
> Here's what I'm seeing:
>
> jail0495> pwd
> /usr/home/testuser
> jail0495> ll
> -rw------- 1 testuser rmtuser 1957 Apr 12 02:22 .history
> drwxr--r-- 2 root wheel 1024 Apr 12 02:22 testdir
> jail0495> users
> testuser

users just shows the login user, even if you've su'd to root. Can you
show `id -p` at this point?

> jail0495> cd testdir

testuser shouldn't be able to cd to that dir, nor browse it, let alone
delete a file in it. Sure smells like your effective uid here is root.

> jail0495> ll
> -rw-r--r-- 2 root wheel 4096 Apr 12 02:24 textfile.txt
> jail0495> rm textfile.txt
> override rw-r--r-- root/wheel for textfile.txt ? y
> jail0495> ll
> total 0
> jail0495>
>
> As you can see, this is of great concern.

Indeed.

cheers, Ian
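
Added example, not part of the original message: a small sh model of the classic Unix mode-bit check, applied to the testdir entry from the listing above, showing that the session's cd, ll and rm are consistent only with an effective uid of 0. The uid 1001 and the group list "rmtuser" for testuser are assumptions for illustration; ACLs, MAC policies and file flags are ignored.

```shell
#!/bin/sh
# Added example: a model of the classic Unix mode-bit check for a directory.
# Ignores ACLs, MAC policies and file flags; all sample values are constructed.

# perm_triplet MODE OWNER GROUP USER "GROUPS"
# Print the one rwx triplet that applies: owner, else group, else other.
perm_triplet() {
    case " $5 " in
        *" $3 "*) in_group=1 ;;
        *)        in_group=0 ;;
    esac
    if [ "$4" = "$2" ]; then
        printf '%s\n' "$1" | cut -c2-4
    elif [ "$in_group" -eq 1 ]; then
        printf '%s\n' "$1" | cut -c5-7
    else
        printf '%s\n' "$1" | cut -c8-10
    fi
}

# dir_ops EUID MODE OWNER GROUP USER "GROUPS"
# Print which of cd / ll / rm the mode bits allow inside the directory.
dir_ops() {
    euid=$1; shift
    # Effective uid 0 is not subject to the mode bits at all.
    if [ "$euid" -eq 0 ]; then echo "cd ll rm"; return 0; fi
    t=$(perm_triplet "$@")
    ops=""
    case $t in ??x) ops="cd" ;; esac        # search (x) is needed to enter
    case $t in r?x) ops="$ops ll" ;; esac   # r to read names, x to stat them
    case $t in ?wx) ops="$ops rm" ;; esac   # w+x on the directory to unlink
    echo "${ops:-none}"
}

# testdir from the listing: drwxr--r-- root wheel, evaluated for testuser.
# uid 1001 and the group list "rmtuser" are assumptions for illustration.
dir_ops 1001 drwxr--r-- root wheel testuser "rmtuser"
dir_ops 0    drwxr--r-- root wheel testuser "rmtuser"
```

On a live system, pass the output of `id -u` (the effective uid) as the first argument and compare it with `id -ru` (the real uid).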