On Mon, Oct 5, 2009 at 9:19 AM, APseudoUtopia <apseudouto...@gmail.com> wrote:
> On Mon, Oct 5, 2009 at 5:51 AM, Oliver Fromme <o...@lurza.secnetix.de> wrote:
>> APseudoUtopia <apseudouto...@gmail.com> wrote:
>>  > I'm setting up jails on my system. I started with a httpd jail for
>>  > nginx and php to run in. I used ezjail to create it. I went through
>>  > all the steps, and got a jail set up and working. I've logged in and
>>  > out several times and installed a couple ports within the jail. I then
>>  > added a non-privileged user by running "adduser" as root. However,
>>  > that is when the problem came up. For some reason, I cannot switch to
>>  > the unprivileged user. The shell is giving me a "Permission Denied"
>>  > error.
>>
>> What are the permissions on /bin/tcsh inside the jail?
>> Is it executable?  Are the permissions of all of its
>> libraries correct?  ("ldd /bin/tcsh" will list the libs.)
>> Are the permissions on the home directory correct?
>>
>> If everything else fails, trace the shell inside the jail
>> (with strace, truss or ktrace).  It will list the exact
>> system call that fails.
>>
>> By the way, I recommend that jails which contain daemons
>> (such as webservers, databases etc.) do not contain login
>> accounts.  In fact, I never put /bin/tcsh inside a jail
>> that contains a webserver.  Apache certainly doesn't need
>> it.  Some ports do need /bin/csh during the build process,
>> but for building ports I recommend to use a separate jail
>> anyway, create packages and pkg_add them in the actual
>> webserver jail.
>>
>> Just my 2 cents.
>>
>> Best regards
>>   Oliver
>>
>
> Hi,
>
> Thanks for the tips. I'm new to jails, and I didn't think it was
> possible to build a jail without tcsh. What shell do you use then?
> Just /bin/sh?
>
> /bin/tcsh works fine for root. I log into the jail by using the
> "ezjail-admin console" option, which in turn executes /usr/bin/login.
> It logs in as root with a working tcsh shell. I've even changed the
> prompt of the shell in /root/.cshrc within the jail. I don't think
> it's the tcsh binary itself, rather some other permission. However,
> the information you asked for is below.
>
> As a matter of fact, I first ran into this problem when my web server
> (nginx) received a "permission denied" error for every file. While
> debugging it, I was asked to su to the "www" user. This is when I ran
> into this problem of getting a permission denied error for tcsh.
>
> -r-xr-xr-x  2 root  wheel  311400 Oct  5 05:34 /bin/tcsh
>
> /bin/tcsh:
>         libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
>         libcrypt.so.4 => /lib/libcrypt.so.4 (0x28104000)
>         libc.so.7 => /lib/libc.so.7 (0x2811d000)
>
> -r--r--r--  1 root  wheel  258572 Oct  5 05:34 /lib/libncurses.so.7
> -r--r--r--  1 root  wheel   32020 Oct  5 05:34 /lib/libcrypt.so.4
> -r--r--r--  1 root  wheel  993092 Oct  5 05:34 /lib/libc.so.7
>
> drwxr-xr-x  3 root      wheel     512 Oct  5 07:49 home
> drwxr-xr-x  2 jailuser  jailuser  512 Oct  5 07:49 jailuser
>
> The truss trace is on a pastebin (the output seemed too long for an
> email) located at http://pastebin.ca/1594445
>
Sorry to reply again, but I have some further information. I used chpass to change the shell of the jailuser account. I tried /bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the same "Permission denied" error. Even nologin gave "Permission denied" instead of "This account is currently not available."
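
The permission checks suggested in the thread cover the shell binary, its libraries and the home directory. The script below is an added example, not part of the original messages, that extends the same check to every directory on the way to the shell, which the listing above does not show. The function names are hypothetical, and it assumes the affected user is neither owner nor group member of any component, so only the "other" mode bits are read; ACLs and MAC policies are not considered.

```shell
#!/bin/sh
# Added example (hypothetical helper names; checks classic mode bits only,
# ACLs and MAC policies are not considered).

# Print the 10-character mode string (e.g. drwxr-xr-x) for a path.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Succeed if the "other" class has the execute/search bit on the path.
other_x() {
    case "$(mode_of "$1")" in
        ?????????[xt]) return 0 ;;
        *) return 1 ;;
    esac
}

# first_blocked PATH [START]
# Walk from START (default /; on the host, pass the jail's root directory)
# down every component of PATH. Print the first component that a user who is
# neither owner nor group member cannot search or execute (a missing path is
# reported the same way) and return 1; return 0 if the whole chain is open.
first_blocked() {
    path=$1
    cur=${2:-/}
    other_x "$cur" || { printf '%s\n' "$cur"; return 1; }
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting on slashes
    set -- $path
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=${cur%/}/$part
        other_x "$cur" || { printf '%s\n' "$cur"; return 1; }
    done
    return 0
}

# Usage: sh check.sh /bin/tcsh [/path/to/jail/root]
if [ $# -gt 0 ]; then
    if blocked=$(first_blocked "$@"); then
        echo "every component of $1 is searchable/executable by others"
    else
        echo "no execute/search bit for others on: $blocked"
    fi
fi
```

Run inside the jail with only the shell path, or on the host with the jail's root directory as the second argument so that the root directory itself is included in the walk.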