Jail in zfs filesystem: non-root user has no access
javocado
javocado at gmail.com
Sat Jan 17 18:04:04 UTC 2015
System: FreeBSD 8.4 amd
We have a jail in a zfs filesystem with the following create properties:
zpool create -O devices=off -O atime=off -O setuid=off -O exec=off -O compression=on ...
zfs create -o devices=off -o atime=off -o setuid=off -o compression=on -o ...
Everything works and runs fine, but when we try to do anything as a
non-root user we run into issues:
ssh user@x.x.x.x
Password:
Last login: Thu Jan 15 16:40:14 2015 from 209.242.167.133
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
Could not chdir to home directory /home/user: Permission denied
/bin/csh: Permission denied
Connection to x.x.x.x closed.
----------------
[root @ xxxxx] /# su user
su: /bin/sh: Permission denied
----------------
Permissions on the dir are fine:
# ll
1 lrwxr-xr-x 1 root wheel 8 Jan 11 2012 home@ -> usr/home
...
# ll usr
24 drwxr-xr-x 17 root wheel 17 Jan 11 2012 ./
24 drwx------ 18 root wheel 23 Jan 11 2012 ../
...
# ll usr/home
24 drwxr-xr-x 3 root wheel 3 Jan 11 2012 ./
24 drwxr-xr-x 17 root wheel 17 Jan 11 2012 ../
24 drwxr-xr-x 2 user user 10 Jan 11 2012 user/
My suspicion is it has to do with the setuid=off or exec=off on the pool,
since these settings set to "=on" on the zfs device itself have no impact.
But, before I tinker with the pool...which I'm not prepared to do for other
security-related reasons, I wanted to confirm what may be causing this.
Thanks!
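An added diagnostic example, not part of the original post: it prints the effective exec and setuid values of a dataset with the source of each value, and walks a path upward to report every directory that lacks the search bit for "other" (the `ll usr` listing above shows `drwx------` on `../`). The function names, the dataset argument and the assumption that the user is neither owner nor group member of the directories are assumptions of this example.

```shell
#!/bin/sh
# Added diagnostic example; not from the original post.

# Show the effective exec/setuid values of a dataset and their source
# (local, default, or inherited from a parent such as the pool).
# $1 is a dataset name supplied by the caller.
show_exec_props() {
    zfs get -o name,property,value,source exec,setuid "$1"
}

# Walk from directory $1 up to / and print "<mode> <dir>" for every directory
# that lacks the search (x) bit for "other".
# Assumption: the user is neither the owner nor in the group of these dirs.
untraversable_dirs() {
    p=$1
    while :; do
        if [ -d "$p" ]; then
            # -L follows symlinks such as home -> usr/home
            mode=$(ls -ldL "$p" | cut -c1-10)
            case $mode in
                d????????[xt]) ;;                     # searchable by others
                *) printf '%s %s\n' "$mode" "$p" ;;   # blocks chdir/exec below it
            esac
        fi
        if [ "$p" = / ] || [ "$p" = . ]; then break; fi
        p=$(dirname "$p")
    done
}

# Usage: sh check.sh <dataset> <absolute-path>
if [ "$#" -eq 2 ]; then
    show_exec_props "$1"
    untraversable_dirs "$2"
fi
```

Run it on the host against the jail's full path so that the jail root directory itself is included in the walk.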
More information about the freebsd-jail mailing list