Date: Mon, 12 Apr 2010 22:56:10 +1000 (EST)
From: Ian Smith
To: "Erich Jenkins, Fuujin Group Ltd"
Cc: freebsd-bugs@freebsd.org, freebsd-jail@freebsd.org, Kalle Møller
Subject: Re: jail file and directory permissions
In-Reply-To: <4BC2E662.1050007@fuujingroup.com>
Message-ID: <20100412223953.K52200@sola.nimnet.asn.au>
References: <4BC2C578.9080108@fuujingroup.com> <4BC2E662.1050007@fuujingroup.com>

On Mon, 12 Apr 2010, Erich Jenkins, Fuujin Group Ltd wrote:

> Kalle Møller wrote:
>
> > Could you please make a command list on what you're doing and with output..
> > like this ...
> >
> > --
> >
> > Kind regards
> >
> > Kalle R. Møller
>
> Here's what I'm seeing:
>
> jail0495> pwd
> /usr/home/testuser
> jail0495> ll
> -rw------- 1 testuser rmtuser 1957 Apr 12 02:22 .history
> drwxr--r-- 2 root wheel 1024 Apr 12 02:22 testdir
> jail0495> users
> testuser

users just shows the login user, even if you've su'd to root. Can you show `id -p` at this point?

> jail0495> cd testdir

testuser shouldn't be able to cd to that dir, nor browse it, let alone delete a file in it. Sure smells like your effective uid here is root.

> jail0495> ll
> -rw-r--r-- 2 root wheel 4096 Apr 12 02:24 textfile.txt
> jail0495> rm textfile.txt
> override rw-r--r-- root/wheel for textfile.txt ? y
> jail0495> ll
> total 0
> jail0495>
>
> As you can see, this is of great concern.

Indeed.

cheers, Ian
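Ian's two points (the mode bits on `testdir` deny testuser traversal, and `users` says nothing about the effective uid) can be checked mechanically. The POSIX sh below is an added example, not code from the thread or from FreeBSD: `dac_allows` evaluates the owner/group/other bits of an `ls -l` mode string for a given user and group list, `privilege_suspected` flags an observed success the bits cannot explain, and `euid_is_root` reports what `id` says about the calling shell. The user, group and mode values come from the quoted session; testuser's membership in `rmtuser` is an assumption.

```shell
#!/bin/sh
# Added example; not part of the original thread.
# dac_allows MODE OWNER GROUP USER "GROUPS" OP -> 0 if the mode bits grant
# OP (r, w or x) to USER, 1 otherwise. A process whose effective uid is 0
# bypasses these bits entirely, which is what the thread suspects.
dac_allows() {
    mode=$1; owner=$2; group=$3; user=$4; groups=$5; op=$6
    # Select the triplet that applies to USER: owner, group or other.
    if [ "$user" = "$owner" ]; then
        trip=$(printf '%s' "$mode" | cut -c2-4)
    elif printf ' %s ' "$groups" | grep -q " $group "; then
        trip=$(printf '%s' "$mode" | cut -c5-7)
    else
        trip=$(printf '%s' "$mode" | cut -c8-10)
    fi
    case "$op" in
        r) bit=$(printf '%s' "$trip" | cut -c1) ;;
        w) bit=$(printf '%s' "$trip" | cut -c2) ;;
        x) bit=$(printf '%s' "$trip" | cut -c3) ;;
        *) return 2 ;;
    esac
    # '-' is denied; uppercase S/T mean setuid/sticky without execute.
    case "$bit" in
        -|S|T) return 1 ;;
        *)     return 0 ;;
    esac
}

# privilege_suspected MODE OWNER GROUP USER "GROUPS" OP -> 0 when OP was
# observed to succeed but the mode bits would not have granted it, i.e. the
# process must have been running with uid 0 (or the listing is misleading).
privilege_suspected() {
    if dac_allows "$@"; then
        printf 'explained by mode bits\n'; return 1
    fi
    printf 'NOT explained by mode bits: check effective uid (id -p on FreeBSD)\n'
    return 0
}

# euid_is_root -> 0 when the calling shell's effective uid is 0. Prints the
# login-style name, real uid and effective uid so an su'd root is visible.
euid_is_root() {
    printf 'user=%s real_uid=%s effective_uid=%s\n' \
        "$(id -un)" "$(id -ur)" "$(id -u)"
    [ "$(id -u)" -eq 0 ]
}

# Replay the quoted session: testuser cd'ing into drwxr--r-- root:wheel.
privilege_suspected 'drwxr--r--' root wheel testuser rmtuser x
euid_is_root
```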