RE: jail login and replication problems
[EMAIL PROTECTED] wrote: Hi Dan, Did you ever find a solution to this problem? I've had the exact same problem, and have tried various different things to resolve it... all to no avail. It's really annoying have to remake the jail from scratch every time, as I'd much rather do the configuration once, and use it as a cookie-cutter for future jails. Hi, For duplicating jail, use the utility called cpdup. Tar does not work for this. Bye Philippe Patrick On 7/26/05, Dan Rue [EMAIL PROTECTED] wrote: Greetings, I am setting up multiple jails on a machine. The first jail, everything works fine. If I add a user, that user can log in. If I tar cvzpf the jail, tar xvzpf to create a new one, some people can log into the new jail, and some can not. The user that can log in to the new one was the first user created (me), but any subsequent users can not log into new jails.. The symptom is right after accepting the password via ssh, the connection will just get dropped. I could not find any good error messages using ssh.. But if I enable telnet and try to telnet in, I receive this error in /var/log/messages: Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied The permissions on those files are fine. So what would cause that error in jails that have been replicated using tar, but only to some users? I'm stumped.. Here's my rc.conf exerpt: jail_enable=YES jail_list=jail3 jail_socket_unixiproute_only=NO jail_sysvipc_allow=YES # allow shared mem on all jails jail_jail3_rootdir=/jails/jail3 jail_jail3_hostname=jail3.example.com jail_jail3_ip=10.0.0.203 jail_jail3_procfs_enable=YES jail_jail3_devfs_enable=YES jail_jail3_devfs_ruleset=devfsrules_jail tia, Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] --- Philippe Lang Attik System smime.p7s Description: S/MIME cryptographic signature
Re: jail login and replication problems
On Jul 7, 2006, at 12:41 AM, Philippe Lang wrote: [EMAIL PROTECTED] wrote: Hi Dan, Did you ever find a solution to this problem? I've had the exact same problem, and have tried various different things to resolve it... all to no avail. It's really annoying have to remake the jail from scratch every time, as I'd much rather do the configuration once, and use it as a cookie-cutter for future jails. Hi, For duplicating jail, use the utility called cpdup. Tar does not work for this. Why not? I use it (though in a modified way -- I tar a base jail without /bin /usr etc but with /etc etc and then I use nullfs mounts to duplicate one base jail install. But my /etc in each jail is copied with tar (as is a bunch of stuff including the base / with dirs for usr bin sbin etc) and it works Chad Bye Philippe Patrick On 7/26/05, Dan Rue [EMAIL PROTECTED] wrote: Greetings, I am setting up multiple jails on a machine. The first jail, everything works fine. If I add a user, that user can log in. If I tar cvzpf the jail, tar xvzpf to create a new one, some people can log into the new jail, and some can not. The user that can log in to the new one was the first user created (me), but any subsequent users can not log into new jails.. The symptom is right after accepting the password via ssh, the connection will just get dropped. I could not find any good error messages using ssh.. But if I enable telnet and try to telnet in, I receive this error in /var/log/messages: Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied The permissions on those files are fine. So what would cause that error in jails that have been replicated using tar, but only to some users? I'm stumped.. Here's my rc.conf exerpt: jail_enable=YES jail_list=jail3 jail_socket_unixiproute_only=NO jail_sysvipc_allow=YES # allow shared mem on all jails jail_jail3_rootdir=/jails/jail3 jail_jail3_hostname=jail3.example.com jail_jail3_ip=10.0.0.203 jail_jail3_procfs_enable=YES jail_jail3_devfs_enable=YES jail_jail3_devfs_ruleset=devfsrules_jail tia, Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] --- Philippe Lang Attik System --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: jail login and replication problems
Chad Leigh -- Shire.Net LLC wrote: Hi Dan, Did you ever find a solution to this problem? I've had the exact same problem, and have tried various different things to resolve it... all to no avail. It's really annoying have to remake the jail from scratch every time, as I'd much rather do the configuration once, and use it as a cookie-cutter for future jails. Hi, For duplicating jail, use the utility called cpdup. Tar does not work for this. Why not? I use it (though in a modified way -- I tar a base jail without /bin /usr etc but with /etc etc and then I use nullfs mounts to duplicate one base jail install. But my /etc in each jail is copied with tar (as is a bunch of stuff including the base / with dirs for usr bin sbin etc) and it works Well, Well, to be precise, tar did work for me too once or twice, but because of some filesystem related issues, I read several times that cpdup is a preferred method. I cannot tell more (I'm sure others readers in this list will), I'm sorry, except that you can use cpdup both eyes closed... --- Philippe Lang Attik System smime.p7s Description: S/MIME cryptographic signature
Re: jail login and replication problems
Hi Dan, Did you ever find a solution to this problem? I've had the exact same problem, and have tried various different things to resolve it... all to no avail. It's really annoying have to remake the jail from scratch every time, as I'd much rather do the configuration once, and use it as a cookie-cutter for future jails. Patrick On 7/26/05, Dan Rue [EMAIL PROTECTED] wrote: Greetings, I am setting up multiple jails on a machine. The first jail, everything works fine. If I add a user, that user can log in. If I tar cvzpf the jail, tar xvzpf to create a new one, some people can log into the new jail, and some can not. The user that can log in to the new one was the first user created (me), but any subsequent users can not log into new jails.. The symptom is right after accepting the password via ssh, the connection will just get dropped. I could not find any good error messages using ssh.. But if I enable telnet and try to telnet in, I receive this error in /var/log/messages: Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied The permissions on those files are fine. So what would cause that error in jails that have been replicated using tar, but only to some users? I'm stumped.. Here's my rc.conf exerpt: jail_enable=YES jail_list=jail3 jail_socket_unixiproute_only=NO jail_sysvipc_allow=YES # allow shared mem on all jails jail_jail3_rootdir=/jails/jail3 jail_jail3_hostname=jail3.example.com jail_jail3_ip=10.0.0.203 jail_jail3_procfs_enable=YES jail_jail3_devfs_enable=YES jail_jail3_devfs_ruleset=devfsrules_jail tia, Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: jail login and replication problems
At 03:41 PM 7/6/2006, patrick wrote: Hi Dan, Did you ever find a solution to this problem? I've had the exact same problem, and have tried various different things to resolve it... all to no avail. It's really annoying have to remake the jail from scratch every time, as I'd much rather do the configuration once, and use it as a cookie-cutter for future jails. If you build the template jail in it's own partition and then dump(8) it to a file, you can then restore(8) it to where ever it needs to be and it will work fine. If you don't have an empty partition to use, you can use mdconfig(8) to create a vnode backed memory disk to build the template jail in. I just finished putting together a system with about 20 jails that were replicated that way. They all worked fine. -Glenn Patrick On 7/26/05, Dan Rue [EMAIL PROTECTED] wrote: Greetings, I am setting up multiple jails on a machine. The first jail, everything works fine. If I add a user, that user can log in. If I tar cvzpf the jail, tar xvzpf to create a new one, some people can log into the new jail, and some can not. The user that can log in to the new one was the first user created (me), but any subsequent users can not log into new jails.. The symptom is right after accepting the password via ssh, the connection will just get dropped. I could not find any good error messages using ssh.. But if I enable telnet and try to telnet in, I receive this error in /var/log/messages: Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied The permissions on those files are fine. So what would cause that error in jails that have been replicated using tar, but only to some users? I'm stumped.. Here's my rc.conf exerpt: jail_enable=YES jail_list=jail3 jail_socket_unixiproute_only=NO jail_sysvipc_allow=YES # allow shared mem on all jails jail_jail3_rootdir=/jails/jail3 jail_jail3_hostname=jail3.example.com jail_jail3_ip=10.0.0.203 jail_jail3_procfs_enable=YES jail_jail3_devfs_enable=YES jail_jail3_devfs_ruleset=devfsrules_jail tia, Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: jail login and replication problems
Sure - Had to consult my IRC logs to remember what my problem was. Turns out, my umask was set to 027, and so the root directory of the jails was drwxr-x--- 7 root wheel 512 Jul 27 13:18 /jails/myjail.. I would search for similar permissions issues, Hope that helps, drue On Thu, Jul 06, 2006 at 03:41:59PM -0700, patrick wrote: Hi Dan, Did you ever find a solution to this problem? I've had the exact same problem, and have tried various different things to resolve it... all to no avail. It's really annoying have to remake the jail from scratch every time, as I'd much rather do the configuration once, and use it as a cookie-cutter for future jails. Patrick On 7/26/05, Dan Rue [EMAIL PROTECTED] wrote: Greetings, I am setting up multiple jails on a machine. The first jail, everything works fine. If I add a user, that user can log in. If I tar cvzpf the jail, tar xvzpf to create a new one, some people can log into the new jail, and some can not. The user that can log in to the new one was the first user created (me), but any subsequent users can not log into new jails.. The symptom is right after accepting the password via ssh, the connection will just get dropped. I could not find any good error messages using ssh.. But if I enable telnet and try to telnet in, I receive this error in /var/log/messages: Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied The permissions on those files are fine. So what would cause that error in jails that have been replicated using tar, but only to some users? I'm stumped.. Here's my rc.conf exerpt: jail_enable=YES jail_list=jail3 jail_socket_unixiproute_only=NO jail_sysvipc_allow=YES # allow shared mem on all jails jail_jail3_rootdir=/jails/jail3 jail_jail3_hostname=jail3.example.com jail_jail3_ip=10.0.0.203 jail_jail3_procfs_enable=YES jail_jail3_devfs_enable=YES jail_jail3_devfs_ruleset=devfsrules_jail tia, Dan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: jail login and replication problems
Dan Rue [EMAIL PROTECTED] writes: Greetings, I am setting up multiple jails on a machine. The first jail, everything works fine. If I add a user, that user can log in. If I tar cvzpf the jail, tar xvzpf to create a new one, some people can log into the new jail, and some can not. The user that can log in to the new one was the first user created (me), but any subsequent users can not log into new jails.. The symptom is right after accepting the password via ssh, the connection will just get dropped. I could not find any good error messages using ssh.. But if I enable telnet and try to telnet in, I receive this error in /var/log/messages: Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /home/user3/.login_conf: Permission denied Jul 26 16:11:46 jail3 login: _secure_path: cannot stat /etc/login.conf: Permission denied The permissions on those files are fine. So what would cause that error in jails that have been replicated using tar, but only to some users? I'm stumped.. Here's my rc.conf exerpt: jail_enable=YES jail_list=jail3 jail_socket_unixiproute_only=NO jail_sysvipc_allow=YES # allow shared mem on all jails jail_jail3_rootdir=/jails/jail3 jail_jail3_hostname=jail3.example.com jail_jail3_ip=10.0.0.203 jail_jail3_procfs_enable=YES jail_jail3_devfs_enable=YES jail_jail3_devfs_ruleset=devfsrules_jail Try comparing the home directories of the different users. And if you crank up the verbosity of sshd, you may get more useful information. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
