
Re: [ezjail] Re: Weird Permission Denied Error.

What does "type su" display?

What does "file /bin/csh" display?

Can you do the "su -m nobody -c /bin/csh" on the host system (outside the jail)?

Dan Rue wrote:
On Fri, Aug 10, 2007 at 04:36:23PM -0400, Patrick Wolfe wrote:
I just ran "su -m nobody -c /bin/csh" on one of my jails, and it worked fine.

What does the nobody account look like in /etc/passwd?

Did you modify /etc/login.access at all?

Default stuff:
root@lucky:/usr# jexec 25 /bin/sh
# cat /etc/passwd
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp
# $
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission
mailnull:*:26:26:Sendmail Default
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
# uname -a
FreeBSD test.therub.org 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #0: Sat
Jun 30 09:50:33 CDT 2007
root AT lucky.therub DOT org:/usr/obj/usr/src/sys/SMP  i386

No changes anywhere - not login.access, or elsewhere. Doesn't matter which system user, or which command. I.e.
# su -m sshd -c 'echo "asdf"'
su: /bin/csh: Permission denied

Furthermore, it doesn't matter if the user has a valid shell or home
directory - unless I try to su to root, I can't use su -c.
test# su -m drue -c 'whoami'
su: /bin/csh: Permission denied
test# su - drue -c 'whoami'
su: /bin/sh: Permission denied
test# su drue -c 'whoami'
su: /bin/sh: Permission denied
test# su - root -c 'whoami'
test# su -m root -c 'whoami'
test# su nobody -c 'whoami'
su: /bin/csh: Permission denied


Patrick Wolfe (patrick.wolfe AT employease DOT com)
Production Engineer, ADP Employease

office: 770-325-7724
mobile: 404-213-1453
fax:    770-325-7702