Want a nullfs filesystem to be read-only for tech people to search-only
maillog files.
host machine's files:
/var/log/mx1/maillog* files
the maillog files are all 644 and r bit is set all along the path
using ezjail
jail root is /var/jails
jail name is fixit
mkdir -p /var/jails/fixit/mx1
fixit/mx1 dir has 644 and r bit is set all along the path

The directory permissions should have the execute bit set; it should be
set to 755 instead of 644.

mount_nullfs -o ro /var/log/mx1 /var/jails/fixit/mx1
ezjail-admin console fixit as fixit jail root user
I add a user fixit:fixit
ssh logon to fixit jail's ip as user fixit
ll /mx1
gives nothing but:
ls: maillog.45.bz2: Permission denied
ls: maillog.46.bz2: Permission denied
ls: maillog.47.bz2: Permission denied
ls: maillog.48.bz2: Permission denied
ls: maillog.49.bz2: Permission denied
ls: maillog.5.bz2: Permission denied
ls: maillog.50.bz2: Permission denied
ls: maillog.51.bz2: Permission denied

If your permissions are set to 644 on the directories, this is the result
of 'ls'. After changing the directories' permissions to 755, the
'Permission denied' errors will stop.

ezjail-admin console fixit
...shows the /mx1/maillog* files all to be 644
If I move the jail fixit user from group fixit to group wheel, user fixit
has access to /mx1/maillog* files.
suggestions?
thanks,
Len
--
Regards,
James Edwards
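
Added example, not part of the original thread: a small sh helper that walks an absolute path and lists every directory whose mode lacks the execute (search) bit for "other", which is the 644-instead-of-755 condition described in the reply. The function name missing_search_bit and the script name check.sh are hypothetical; the path in the usage comment is the one from the thread.

```sh
#!/bin/sh
# Constructed helper (not from the thread): list every directory on an
# absolute path that "other" users cannot search, i.e. whose mode lacks
# the execute bit in the last permission triplet (644 instead of 755).
missing_search_bit() {
    target=$1 cur= rc=0
    case $target in
        /*) ;;
        *) echo "usage: missing_search_bit /absolute/dir" >&2; return 2 ;;
    esac
    rest=${target#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}                 # next path component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue       # skip empty parts from "//"
        cur="$cur/$part"
        # Reading a directory's own mode needs search permission on its
        # parents only, so this works even when $cur itself is 644.
        if ! line=$(ls -ld "$cur" 2>/dev/null); then
            echo "cannot stat $cur (a parent is not searchable by you)" >&2
            return 2
        fi
        mode=${line%% *}                 # e.g. drw-r--r--
        case $mode in
            d????????[xt]*) ;;           # searchable by other
            d*) printf '%s %s\n' "$mode" "$cur"; rc=1 ;;
        esac                             # symlinks are not followed here
    done
    return $rc
}

# Example: sh check.sh /var/jails/fixit/mx1
if [ $# -gt 0 ]; then
    missing_search_bit "$1"
fi
```

Each line of output is a directory that needs its execute bit set before an unprivileged jail user can stat the files beneath it; no output and exit status 0 means every directory on the path is searchable by other.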