strange pw behaviour

Bill Moran wmoran at potentialtech.com
Fri Jul 2 06:11:17 PDT 2004 

Jonas Sonntag <jonas.sonntag at jbhosting.de> wrote:
> Hi Bill,
> 
> first of all, thanks for the input!
> 
> On Friday 02 July 2004 13:58, Bill Moran wrote:
> > Did you add the users/groups to the jail, or to the host system?  Make sure
> > that the group file you added this to is the same group file that is being
> > used by the program.  For example, on one of my jail systems, I have
> > /etc/group, which is pretty stock, and /jail/cgi-jail/etc/group, which has
> > special groups for CGI clients, and /jail/frontpage/etc/group which has
> > groups for clients who use frontpage ... etc.
> 
> I'm within the jail only. I'm using pw from the host system, as you can see 
> from the -V switch to pw, but from thereon I'm logging on to the sshd running 
> inside the jail. So I'm talking about user www inside the jail and /etc/group 
> inside the jail.
> 
> > Make sure that ownerships show up properly in the environment you're using.
> > For example, if you have a user "wmoran" with uid 1501 in the host system,
> > then a user "wmoran" in the jail with uid 1427, you're going to find that
> > the permissions don't work out right, because file permissions are based on
> > uid, and the user name is just displayed to make it human-readable.  Group
> > IDs are similar.
> 
> I don't have any of the groups on the host system, all of them are inside the 
> jail.
> Within the jail: All group names are displayed right, according to the entries 
> in /etc/group. User www is a member of all 10 groups. User www can list 6 
> directories and gets Permission denied on 4 directories.
> 
> > Have you looked at /etc/group (or whatever file is applicable) in a text
> > editor to make sure everything is correct?  The format is described in
> > "man group" and is pretty easy to eye parse.
> 
> The format is correct, since all modification is done by pw. The text editor 
> part is the funny one: As soon as I move one of my problematic group entries 
> to another position inside the file using vi, it might work and eventually it 
> might break one of the other groups.
> I just reordered the file so that the entries are sorted by group id which 
> resulted in 7 directories showing and only 3 showing Permission denied.
> 
> Sounds weird, right?
> 
> Still I have no indication what's wrong with the other 3... I would suspect it 
> might be a host/jail issue, but since I have none of the groups on the host 
> while some _do_ work this is not it.
> Also, I'm really only working inside the jail enviroment and everything looks 
> like it should there.
> 
> As a sidenote: I have null-mounted the directory in which those 10 directories 
> are located to another jail on the same host system where I have the same 
> problem (showing 5, permission denied on 5 here).
> 
> Since I don't suspect a bug in pw, maybe someone could enlighten me which 
> other programs might be involved here and I could recompile those before I 
> reinstall the whole world to those jails (not that I think reinstalling 
> something will help, but I'm lost here).

Well, I tried ...

The only other thought I have is that you might have some invalid user names?
(I'm really reaching here ...)

Can you attach the group file so we can verify the syntax.

Beyond that, I'm at a loss.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com

More information about the freebsd-questions mailing list