jail file and directory permissions

Greg Larkin glarkin at FreeBSD.org
Mon Apr 12 13:25:54 UTC 2010

Hash: SHA1

Erich Jenkins, Fuujin Group Ltd wrote:
> Kalle Møller wrote:
> <snip>
>> Could you please make a command list on what your doing and with
>> output.. like this ...
>> -- 
>> Med Venlig Hilsen
>> Kalle R. Møller
> </snip>
> Here's what I'm seeing:
> jail0495> pwd
> /usr/home/testuser
> jail0495> ll
> -rw-------   1 testuser rmtuser   1957 Apr 12 02:22 .history
> drwxr--r--   2 root     wheel     1024 Apr 12 02:22 testdir
> jail0495> users
> testuser
> jail0495> cd testdir
> jail0495> ll
> -rw-r--r--   2 root     wheel     4096 Apr 12 02:24 textfile.txt
> jail0495> rm textfile.txt
> override rw-r--r--  root/wheel for textfile.txt ? y
> jail0495> ll
> total 0
> jail0495>
> As you can see, this is of great concern.

Hi Erich,

I use jails extensively on my company systems here, so I am interested
in this problem.  I set up a test environment that I believe mirrors yours:

jail54# pwd
jail54# ls -al testdir
total 6
drwxr--r--  2 root     wheel    512 Apr 12 08:52 .
drwxr-xr-x  5 glarkin  glarkin  512 Apr 12 08:52 ..
- -rw-r--r--  1 root     wheel      7 Apr 12 08:52 foo.txt
jail54# # exit
[glarkin at jail54 ~]$ cd testdir
- -bash: cd: testdir: Permission denied
[glarkin at jail54 ~]$ rm testdir/foo.txt
rm: testdir/foo.txt: Permission denied
[glarkin at jail54 ~]$ rm -rf testdir
rm: testdir/foo.txt: Permission denied
rm: testdir: Directory not empty

My situation is slightly different than yours, since my jails are based
on FreeBSD 6.4, instead of 7.x.

As a first step to troubleshooting, please log in to your jail as your
non-privileged user, run the following commands from its home directory,
then post the permtest1.log and permtest2.log files somewhere that we
can review them:

truss -f -a -s 256 -o permtest1.log cd testdir

truss -f -a -s 256 -o permtest2.log rm testdir/textfile.txt

Also run the "df" and "mount" commands from the user's home directory
inside the jail as well as from the same directory but outside of the
jail context.  Please post the output of those commands somewhere as well.

Thank you,
- --
Greg Larkin

http://www.FreeBSD.org/           - The Power To Serve
http://www.sourcehosting.net/     - Ready. Set. Code.
http://twitter.com/sourcehosting/ - Follow me, follow you
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the freebsd-bugs mailing list