On Sat, 2016-08-27 at 12:07 +0200, Santiago Vila wrote: > On Fri, Aug 26, 2016 at 09:36:12AM -0300, Daniel Bareiro wrote: [...] > > I think that jailkit just copies the permissions that Debian has set as > > default for /bin which are different now according to the jailkit shell. > > > > There seems to be a difference in the permissions for stable compared to > > oldstable: > > > > ------------------------------------------------------------------------- > > root@pfc:~# cat /etc/debian_version > > 7.10 > > root@pfc:~# ls -ld /bin/ > > drwxr-xr-x 2 root root 4096 mar 6 16:14 /bin/ > > ------------------------------------------------------------------------- > > > > ------------------------------------------------------------------------- > > root@ispconfig:/var/www/clients/client1/web11# cat /etc/debian_version > > 8.5 > > root@ispconfig:/var/www/clients/client1/web11# ls -ld /bin/ > > drwxrwxr-x 2 root root 4096 Jun 9 16:20 /bin/ > > root@ispconfig:/var/www/clients/client1/web11# ls -ld ./bin/ > > drwxr-xr-x 2 root root 4096 Jun 28 15:37 ./bin/ > > ------------------------------------------------------------------------- > > > > Although I'm not sure why the Debian developers did this change or if it > > is a bug. > > It would be a bug, yes, but that's not a change that we made. > > A standard install of Debian jessie is usually made by a program > called debian-installer. This program runs from a bootable USB stick > (or from optical media) and uses a program called debootstrap to > install a minimal Debian system in the partition which will become the > root partition. > > One of the very first packages that debootstrap installs is base-files, > which contains an empty usr/bin with correct persmissions. You can > check this by downloading the .deb package from any mirror: > > # dpkg -c base-files_8+deb8u5_amd64.deb | grep usr/bin > drwxr-xr-x root/root 0 2016-05-30 06:18 ./usr/bin/
fwiw I think this might be a side-effect of the issues described in https://lists.debian.org/debian-release/2016/03/msg00035.html and surrounding messages. Regards, Adam