strange pw behaviour

Bill Moran wmoran at potentialtech.com
Fri Jul 2 04:59:45 PDT 2004


Jonas Sonntag <jonas.sonntag at jbhosting.de> wrote:
> Hi list,
> 
> must ask again... I'm still stuck with this. It's pretty weird. I have 10 
> directories each owned by a unique group. All 10 directories are set 750.
> The groups have been added using pw and user www has been made a member of 
> every group by using pw. This has worked a hundred times. Information is 
> correct in /etc/group.
> 
> When I open a session as user www by using su and try to list those 10 
> directories by using 'ls -l *' I get 6 times the directory contents and 4 
> times 'Permission denied'. ...All directories are 750 and user www is a 
> member of all groups...
> 
> Looking at 'strings /usr/sbin/pw' I see four CVS tags, the newest three years 
> old. So I don't suspect a bug there.
> Now what could cause behaviour like this? Where should I keep looking for the 
> problem?
> Please see the original post too. It seems I'm either missing something here 
> or something is very broken with my jails.

I saw your previous post, and I'm not sure what's going wrong, but I thought
I'd chime in with some guesses, since you're not getting other input.

Did you add the users/groups to the jail, or to the host system?  Make sure
that the group file you added this to is the same group file that is being
used by the program.  For example, on one of my jail systems, I have
/etc/group, which is pretty stock, and /jail/cgi-jail/etc/group, which has
special groups for CGI clients, and /jail/frontpage/etc/group which has
groups for clients who use frontpage ... etc.

Make sure that ownerships show up properly in the environment you're using.
For example, if you have a user "wmoran" with uid 1501 in the host system,
then a user "wmoran" in the jail with uid 1427, you're going to find that
the permissions don't work out right, because file permissions are based on
uid, and the user name is just displayed to make it human-readable.  Group
IDs are similar.

Administratively, it seems smarter to keep jailed filesystems completely
separate from host filesystems, as it makes filesystem permissions easier
to not mess up.  Don't access jailed filesystems from the host unless you're
confident in your ability not to get confused.

Have you looked at /etc/group (or whatever file is applicable) in a text
editor to make sure everything is correct?  The format is described in
"man group" and is pretty easy to eye parse.

HTH.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
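
The host-versus-jail check suggested in the reply above can be scripted. This is an added example, not part of the original message: it parses two group(5) files and reports where they disagree for one user. The group names, GIDs and file contents are constructed for illustration.

```python
"""Compare a host group(5) file with a jail's copy for one user (added example)."""

def parse_group(text):
    """Parse group(5) text into {name: (gid, set_of_members)}."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[2].isdigit():
            raise ValueError(f"malformed group line: {line!r}")
        name, _passwd, gid, members = fields
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def compare(host_text, jail_text, user):
    """Return sorted findings where the two files disagree for `user`."""
    host, jail = parse_group(host_text), parse_group(jail_text)
    findings = []
    for name, (gid, members) in host.items():
        if name not in jail:
            if user in members:
                findings.append(f"{name}: missing in jail")
            continue
        jgid, jmembers = jail[name]
        if gid != jgid:  # permissions follow the numeric gid, not the name
            findings.append(f"{name}: gid {gid} on host, {jgid} in jail")
        if (user in members) != (user in jmembers):
            where = "host" if user in members else "jail"
            findings.append(f"{name}: {user} is a member only in the {where} file")
    return sorted(findings)

# Constructed sample data, not taken from the thread.
HOST_GROUP = """\
# $FreeBSD$
wheel:*:0:root
client1:*:2001:www
client2:*:2002:www
client3:*:2003:www
"""
JAIL_GROUP = """\
wheel:*:0:root
client1:*:2001:www
client2:*:2010:www
client3:*:2003:
"""

if __name__ == "__main__":
    for finding in compare(HOST_GROUP, JAIL_GROUP, "www"):
        print(finding)
```

On a real system the two strings would be read from the host's /etc/group and the jail's copy, such as the /jail/cgi-jail/etc/group mentioned above.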

