[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] Re: Weird Permission Denied Error.



I just ran "su -m nobody -c /bin/csh" on one of my jails, and it worked fine.

What does the nobody account look like in /etc/passwd?

Did you modify /etc/login.access at all?





Dan Rue wrote:
On Fri, Aug 10, 2007 at 02:42:09PM -0500, Dan Rue wrote:
# su -m nobody -c 'whoami'
su: /bin/csh: Permission denied

On any normal system, or normal jail, that command works fine.

Just to follow up with more details..  I scratched my jails, and started
over, again, and ran the following commands:
ezjail-admin update -p -i
ezjail-admin create test.therub.org 10.0.0.70
/usr/local/etc/rc.d/ezjail.sh start # jexec 25 /bin/sh
# su -m nobody -c 'whoami'
su: /bin/csh: Permission denied


Note that I created some non-ezjails from the same /usr/src build that
worked fine.

Here's my /etc/rc.conf:
### Host Networking
defaultrouter="10.0.0.1"
hostname="lucky.therub.org"
ifconfig_bge0="inet 10.0.0.7  netmask 255.255.255.0"

# mail.therub.org
ifconfig_bge0_alias0="inet 10.0.0.70 netmask 255.255.255.0"
ifconfig_bge0_alias1="inet 10.0.0.71 netmask 255.255.255.0"
ifconfig_bge0_alias2="inet 10.0.0.72 netmask 255.255.255.0"
ifconfig_bge0_alias3="inet 10.0.0.73 netmask 255.255.255.0"
ifconfig_bge0_alias4="inet 10.0.0.74 netmask 255.255.255.0"
ifconfig_bge0_alias5="inet 10.0.0.75 netmask 255.255.255.0"
ifconfig_bge0_alias6="inet 10.0.0.76 netmask 255.255.255.0"

### USB
usbd_enable="YES"

### SSH
sshd_enable="YES"

### Time
ntpd_enable="YES"
ntpd_sync_on_start="YES"

### Jail-safe syslogd flags
syslogd_flags="-s -b 10.0.0.7"

### Enable Postfix
postfix_enable="YES"
postfix_flags=""

### Disable Sendmail
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

ezjail_enable="YES"


I've played with sysvipc (no difference).  I've played with
jail.allow_raw_socket - no difference.
Am I cursed?  *tears his hair out*

Dan


--

Patrick Wolfe (patrick.wolfe AT employease DOT com)
Production Engineer, ADP Employease

office: 770-325-7724
mobile: 404-213-1453
fax:    770-325-7702