Date: Fri, 2 Jul 2004 14:50:05 +0200 From: Jonas Sonntag <jonas.sonntag@jbhosting.de> To: Bill Moran <wmoran@potentialtech.com> Cc: freebsd-questions@freebsd.org Subject: Re: strange pw behaviour Message-ID: <200407021450.05509.jonas.sonntag@jbhosting.de> In-Reply-To: <20040702075801.7d3e7109.wmoran@potentialtech.com> References: <200406251500.20839.jonas.sonntag@jbhosting.de> <200407021247.39585.jonas.sonntag@jbhosting.de> <20040702075801.7d3e7109.wmoran@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Bill, first of all, thanks for the input! On Friday 02 July 2004 13:58, Bill Moran wrote: > Did you add the users/groups to the jail, or to the host system? Make sure > that the group file you added this to is the same group file that is being > used by the program. For example, on one of my jail systems, I have > /etc/group, which is pretty stock, and /jail/cgi-jail/etc/group, which has > special groups for CGI clients, and /jail/frontpage/etc/group which has > groups for clients who use frontpage ... etc. I'm within the jail only. I'm using pw from the host system, as you can see from the -V switch to pw, but from thereon I'm logging on to the sshd running inside the jail. So I'm talking about user www inside the jail and /etc/group inside the jail. > Make sure that ownerships show up properly in the environment you're using. > For example, if you have a user "wmoran" with uid 1501 in the host system, > then a user "wmoran" in the jail with uid 1427, you're going to find that > the permissions don't work out right, because file permissions are based on > uid, and the user name is just displayed to make it human-readable. Group > IDs are similar. I don't have any of the groups on the host system, all of them are inside the jail. Within the jail: All group names are displayed right, according to the entries in /etc/group. User www is a member of all 10 groups. User www can list 6 directories and gets Permission denied on 4 directories. > Have you looked at /etc/group (or whatever file is applicable) in a text > editor to make sure everything is correct? The format is described in > "man group" and is pretty easy to eye parse. The format is correct, since all modification is done by pw. The text editor part is the funny one: As soon as I move one of my problematic group entries to another position inside the file using vi, it might work and eventually it might break one of the other groups. I just reordered the file so that the entries are sorted by group id which resulted in 7 directories showing and only 3 showing Permission denied. Sounds weird, right? Still I have no indication what's wrong with the other 3... I would suspect it might be a host/jail issue, but since I have none of the groups on the host while some _do_ work this is not it. Also, I'm really only working inside the jail enviroment and everything looks like it should there. As a sidenote: I have null-mounted the directory in which those 10 directories are located to another jail on the same host system where I have the same problem (showing 5, permission denied on 5 here). Since I don't suspect a bug in pw, maybe someone could enlighten me which other programs might be involved here and I could recompile those before I reinstall the whole world to those jails (not that I think reinstalling something will help, but I'm lost here). Thanks again for the input, Best regards Jonas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200407021450.05509.jonas.sonntag>