Thanks for all the advice. I am indeed looking to use a jail as a non-root 
user on the host. Jailme sounds like a good solution.

My use case is providing a relatively safe way of giving a user the possibility 
to experiment with root rights (like creating and installing ports) without 
wrecking the host system.
The users are trusted, so it is not so much about security; it is more about 
keeping the host system clean.

Regards,
Ronald.

From: Miroslav Lachman <000.f...@quip.cz>
Date: Tuesday, 19 November 2019 20:31
To: Christos Chatzaras <ch...@cretaforce.gr>, freebsd-stable 
<freebsd-stable@freebsd.org>
CC: Ronald Klop <ronald-li...@klop.ws>
Subject: Re: jexec as user?

Christos Chatzaras wrote on 2019/11/19 14:09:
>
>
>> On 19 Nov 2019, at 15:02, mike tancsa <m...@sentex.net> wrote:
>>
>> On 11/19/2019 6:42 AM, Ronald Klop wrote:
>>> Hi,
>>>
>>> Is it possible to jexec into a jail as a regular user. Or to enable
>>> that somewhere?
>>> Or is the way to do such a thing to set up ssh in the jail?
>>>
>> On 11.3 at least, does not the built in functionality of jexec do what
>> you need ?
>>
>> jexec [-l] [-u username | -U username] jail [command ...]
>>
>> # jexec -U testuser 3 csh
>> testuser@cacticonsole:/ % id
>> uid=1005(testuser) gid=1005(testuser) groups=1005(testuser)
>> testuser@cacticonsole:/ %
>>
>
> I think he wants to use jexec as a normal user from the main OS.
>
> If he wants to run jexec as root and login to jail as user then your command
> works.

If you want to use jexec as normal user in host, look at sysutils/jailme from 
ports:

https://www.freshports.org/sysutils/jailme/
This version is installed setuid and does some sanity checking to ensure the 
username and UID match between the jail and the host system.

WWW: https://github.com/Intermedix/jailme

Miroslav Lachman

PS: I never used jailme personally



_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
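
The username/UID sanity check mentioned in the jailme port description above, sketched as an added example (not jailme's actual code and not from anyone in this thread). It assumes both user databases are available as passwd(5)-format text; `check_jail_user`, the return codes and the sample entries are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Constructed passwd(5) samples standing in for the host and jail databases. */
static const char HOST_DB[] =
    "testuser:*:1005:1005:Test:/home/testuser:/bin/sh\n"
    "alice:*:1006:1006:Alice:/home/alice:/bin/sh\n"
    "bob:*:1007:1007:Bob:/home/bob:/bin/sh\n";
static const char JAIL_DB[] =
    "testuser:*:1005:1005:Test:/home/testuser:/bin/sh\n"
    "alice:*:2001:2001:Alice:/home/alice:/bin/sh\n";

enum { CHK_OK, CHK_NO_HOST_USER, CHK_NO_JAIL_USER, CHK_UID_MISMATCH };

/* Parse one "name:pw:uid:..." line at *pp and advance *pp past it.
 * Returns 1 for a well-formed entry, 0 for a malformed or empty line. */
static int next_entry(const char **pp, const char **name, size_t *nlen, long *uid)
{
    const char *p = *pp, *eol = strchr(p, '\n');
    size_t len = eol ? (size_t)(eol - p) : strlen(p);
    const char *c1 = memchr(p, ':', len);
    const char *c2 = c1 ? memchr(c1 + 1, ':', len - (size_t)(c1 + 1 - p)) : NULL;
    char *end;
    *pp = p + len + (eol ? 1 : 0);
    if (!c2 || c1 == p || !isdigit((unsigned char)c2[1]))
        return 0;
    *uid = strtol(c2 + 1, &end, 10);
    *name = p;
    *nlen = (size_t)(c1 - p);
    return *end == ':';
}

/* The caller's host UID must map to a name that exists in the jail with the
 * same UID; any other outcome means the wrapper should refuse to enter. */
int check_jail_user(const char *host_db, const char *jail_db, long caller_uid)
{
    const char *n = NULL, *hn = NULL;
    size_t nl = 0, hl = 0;
    long uid = -1;
    for (const char *p = host_db; *p && !hn; )
        if (next_entry(&p, &n, &nl, &uid) && uid == caller_uid) { hn = n; hl = nl; }
    if (!hn)
        return CHK_NO_HOST_USER;
    for (const char *p = jail_db; *p; )
        if (next_entry(&p, &n, &nl, &uid) && nl == hl && memcmp(n, hn, hl) == 0)
            return uid == caller_uid ? CHK_OK : CHK_UID_MISMATCH;
    return CHK_NO_JAIL_USER;
}
```

In the sample data `alice` exists on both sides but with different UIDs, which is the case such a check exists to refuse: entering the jail by name would otherwise hand the caller a different identity's files.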