Problem with r-o access in jail
Len Conrad
lconrad at Go2France.com
Tue Aug 21 15:27:40 UTC 2012
Want a nullfs filesystem to be read-only for tech people to search-only maillog files.
host machine's files:
/var/log/mx1/maillog* files
the maillog files are all 644 and r bit is set all along the path
using ezjail
jail root is /var/jails
jail name is fixit
mkdir -p /var/jails/fixit/mx1
fixit/mx1 dir has 644 and r bit is set all along the path
mount_nullfs -o ro /var/log/mx1 /var/jails/fixit/mx1
"ezjail-admin console fixit" as fixit jail root user
I add a user fixit:fixit
ssh logon to fixit jail's ip as user fixit
ll /mx1
gives nothing but:
ls: maillog.45.bz2: Permission denied
ls: maillog.46.bz2: Permission denied
ls: maillog.47.bz2: Permission denied
ls: maillog.48.bz2: Permission denied
ls: maillog.49.bz2: Permission denied
ls: maillog.5.bz2: Permission denied
ls: maillog.50.bz2: Permission denied
ls: maillog.51.bz2: Permission denied
ezjail-admin console fixit
...shows the /mx1/maillog* files all to be 644
If I move the jail fixit user from group fixit to group wheel, user fixit has access to /mx1/maillog* files.
Suggestions?
thanks,
Len