On Mon, Oct 5, 2009 at 9:19 AM, APseudoUtopia <apseudouto...@gmail.com> wrote:
> On Mon, Oct 5, 2009 at 5:51 AM, Oliver Fromme <o...@lurza.secnetix.de> wrote:
>> APseudoUtopia <apseudouto...@gmail.com> wrote:
>> > I'm setting up jails on my system. I started with a httpd jail for
>> > nginx and php to run in. I used ezjail to create it. I went through
>> > all the steps, and got a jail setup and working. I've logged in and
>> > out several times and installed a couple ports within the jail. I then
>> > added a non-privileged user by running "adduser" as root. However,
>> > that is when the problem came up. For some reason, I cannot switch to
>> > the unprivileged user. The shell is giving me a "Permission Denied"
>> > error.
>>
>> What are the permissions on /bin/tcsh inside the jail?
>> Is it executable? Are the permissions of all of its
>> libraries correct? ("ldd /bin/tcsh" will list the libs.)
>> Are the permissions on the home directory correct?
>>
>> If everything else fails, trace the shell inside the jail
>> (with strace, truss or ktrace). It will list the exact
>> system call that fails.
>>
>> By the way, I recommend that jails which contain daemons
>> (such as webservers, databases etc.) do not contain login
>> accounts. In fact, I never put /bin/tcsh inside a jail
>> that contains a webserver. Apache certainly doesn't need
>> it. Some ports do need /bin/csh during the build process,
>> but for building ports I recommend to use a separate jail
>> anyway, create packages and pkg_add them in the actual
>> webserver jail.
>>
>> Just my 2 cents.
>>
>> Best regards
>> Oliver
>>
>>
>
> Hi,
>
> Thanks for the tips. I'm new to jails, and I didn't think it was
> possible to build a jail without tcsh. What shell do you use then?
> Just /bin/sh?
>
> /bin/tcsh works for fine for root. I log into the jail by using the
> "ezjail-admin console" option, which in turn executes /usr/bin/login.
> It logs in as root with a working tcsh shell. I've even changed the
> prompt of the shell in /root/.cshrc within the jail. I don't think
> it's the tcsh binary itself, rather some other permission. However,
> the information you asked for is below.
>
> As a matter-of-fact, I first ran into this problem when my web server
> (nginx) received a "permission denied" error for every file. While
> debugging it, I was asked to su to the "www" user. This is when I ran
> into this problem of getting a permission denied error for tcsh.
>
> -r-xr-xr-x 2 root wheel 311400 Oct 5 05:34 /bin/tcsh
>
> /bin/tcsh:
> libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
> libcrypt.so.4 => /lib/libcrypt.so.4 (0x28104000)
> libc.so.7 => /lib/libc.so.7 (0x2811d000)
>
> -r--r--r-- 1 root wheel 258572 Oct 5 05:34 /lib/libncurses.so.7
> -r--r--r-- 1 root wheel 32020 Oct 5 05:34 /lib/libcrypt.so.4
> -r--r--r-- 1 root wheel 993092 Oct 5 05:34 /lib/libc.so.7
>
> drwxr-xr-x 3 root wheel 512 Oct 5 07:49 home
> drwxr-xr-x 2 jailuser jailuser 512 Oct 5 07:49 jailuser
>
> The truss trace is on a pastebin (the output seemed too long for an
> email) located at http://pastebin.ca/1594445
>
Sorry to reply again, but I have some further information.
I used chpass to change the shell of the jailuser account. I tried
/bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the
same "Permission denied" error. Even nologin gave "Permission denied"
instead of "This account is currently not available."
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
