[Vserver] host and guest UID and GID
Hello Guys, I have the following situation, where users on the host become owners of the home directories of the users of the guest. [EMAIL PROTECTED]:/var/lib/vservers/vn/home# ls -alh total 44K drwxr-xr-x 11 root root 4.0K Mar 25 18:42 . drwxr-xr-x 20 root root 4.0K Mar 17 00:39 .. drwxr-xr-x 3 services services 4.0K Mar 24 00:16 agra drwxr-xr-x 6 spectre spectre 4.0K Mar 25 13:30 cipri ... As you can see user services on the HOST can now have full access to the home directory of user agra on the guest. Is there a way this can be solved, or do I have to start numbering the UIDs and GIDs on the Guest from higher numbers? Regards, -Nikolay Kichukov p.s. Some useful information would be: [EMAIL PROTECTED]:/usr/sbin# vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.209; Jan 8 2006, 12:24:41 Features: CC: gcc, gcc (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CXX: g++, g++ (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CPPFLAGS: '' CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i486-pc-linux-gnu/i486-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. [EMAIL PROTECTED]:/usr/sbin# ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] host and guest UID and GID
On Sun, Mar 26, 2006 at 01:31:47PM +0300, Nikolay Kichukov wrote: Is there a way this can be solved, or do I have to start numbering the UIDs and GIDs on the Guest from higher numbers? chmod 000 /var/lib/vservers -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] host and guest UID and GID
Hi, thanks for the advise, but that did not work. Did you mean chmod -R 000 /var/lib/vservers? Regards, -Nikolay Kichukov - Original Message - From: Peter Mann [EMAIL PROTECTED] To: vserver@list.linux-vserver.org Sent: Sunday, March 26, 2006 2:13 PM Subject: Re: [Vserver] host and guest UID and GID On Sun, Mar 26, 2006 at 01:31:47PM +0300, Nikolay Kichukov wrote: Is there a way this can be solved, or do I have to start numbering the UIDs and GIDs on the Guest from higher numbers? chmod 000 /var/lib/vservers -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] host and guest UID and GID
thanks for the effort all. That did indeed work. It was my mistake listing the files and directories under the root account only and again seeing the bogous ownerships. Now it is fine ;-) Thanks, -Nikolay Kichukov - Original Message - From: Peter Mann [EMAIL PROTECTED] To: vserver@list.linux-vserver.org Sent: Sunday, March 26, 2006 4:31 PM Subject: Re: [Vserver] host and guest UID and GID On Sun, Mar 26, 2006 at 01:31:47PM +0300, Nikolay Kichukov wrote: I have the following situation, where users on the host become owners of the home directories of the users of the guest. [EMAIL PROTECTED]:/var/lib/vservers/vn/home# ls -alh total 44K drwxr-xr-x 11 root root 4.0K Mar 25 18:42 . drwxr-xr-x 20 root root 4.0K Mar 17 00:39 .. drwxr-xr-x 3 services services 4.0K Mar 24 00:16 agra drwxr-xr-x 6 spectre spectre 4.0K Mar 25 13:30 cipri ... As you can see user services on the HOST can now have full access to the home directory of user agra on the guest. On Sun, Mar 26, 2006 at 03:45:06PM +0300, Nikolay Kichukov wrote: thanks for the advise, but that did not work. Did you mean chmod -R 000 /var/lib/vservers? no ... i mean chmod 000 /var/lib/vservers ... your ls -alh command is root command, so 'spectre' or 'services' is only output of 'ls' command ... if you don't have some uid/gid on host, you see only numerical value try 'ls' command as user 'spectre', not root ... so they're not real owners ... http://linux-vserver.org/chroot-barrier -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver