On Mon, Oct 5, 2009 at 9:19 AM, APseudoUtopia <apseudouto...@gmail.com> wrote:
> On Mon, Oct 5, 2009 at 5:51 AM, Oliver Fromme <o...@lurza.secnetix.de> wrote:
>> APseudoUtopia <apseudouto...@gmail.com> wrote:
>>  > I'm setting up jails on my system. I started with a httpd jail for
>>  > nginx and php to run in. I used ezjail to create it. I went through
>>  > all the steps, and got a jail setup and working. I've logged in and
>>  > out several times and installed a couple ports within the jail. I then
>>  > added a non-privileged user by running "adduser" as root. However,
>>  > that is when the problem came up. For some reason, I cannot switch to
>>  > the unprivileged user. The shell is giving me a "Permission Denied"
>>  > error.
>> What are the permissions on /bin/tcsh inside the jail?
>> Is it executable?  Are the permissions of all of its
>> libraries correct?  ("ldd /bin/tcsh" will list the libs.)
>> Are the permissions on the home directory correct?
>> If everything else fails, trace the shell inside the jail
>> (with strace, truss or ktrace).  It will list the exact
>> system call that fails.
>> By the way, I recommend that jails which contain daemons
>> (such as webservers, databases etc.) do not contain login
>> accounts.  In fact, I never put /bin/tcsh inside a jail
>> that contains a webserver.  Apache certainly doesn't need
>> it.  Some ports do need /bin/csh during the build process,
>> but for building ports I recommend to use a separate jail
>> anyway, create packages and pkg_add them in the actual
>> webserver jail.
>> Just my 2 cents.
>> Best regards
>>   Oliver
> Hi,
> Thanks for the tips. I'm new to jails, and I didn't think it was
> possible to build a jail without tcsh. What shell do you use then?
> Just /bin/sh?
> /bin/tcsh works for fine for root. I log into the jail by using the
> "ezjail-admin console" option, which in turn executes /usr/bin/login.
> It logs in as root with a working tcsh shell. I've even changed the
> prompt of the shell in /root/.cshrc within the jail. I don't think
> it's the tcsh binary itself, rather some other permission. However,
> the information you asked for is below.
> As a matter-of-fact, I first ran into this problem when my web server
> (nginx) received a "permission denied" error for every file.  While
> debugging it, I was asked to su to the "www" user. This is when I ran
> into this problem of getting a permission denied error for tcsh.
> -r-xr-xr-x  2 root  wheel  311400 Oct  5 05:34 /bin/tcsh
> /bin/tcsh:
>        libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
>        libcrypt.so.4 => /lib/libcrypt.so.4 (0x28104000)
>        libc.so.7 => /lib/libc.so.7 (0x2811d000)
> -r--r--r--  1 root  wheel  258572 Oct  5 05:34 /lib/libncurses.so.7
> -r--r--r--  1 root  wheel  32020 Oct  5 05:34 /lib/libcrypt.so.4
> -r--r--r--  1 root  wheel  993092 Oct  5 05:34 /lib/libc.so.7
> drwxr-xr-x   3 root  wheel  512 Oct  5 07:49 home
> drwxr-xr-x  2 jailuser  jailuser  512 Oct  5 07:49 jailuser
> The truss trace is on a pastebin (the output seemed too long for an
> email) located at http://pastebin.ca/1594445

Sorry to reply again, but I have some further information.

I used chpass to change the shell of the jailuser account. I tried
/bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the
same "Permission denied" error. Even nologin gave "Permission denied"
instead of "This account is currently not available."
freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to