Can you jexec into the jail as that user ? -- Jason Hellenthal Mobile: +1 (616) 953-0176 jhellent...@dataix.net JJH48-ARIN
On Jan 17, 2015, at 12:04, javocado <javoc...@gmail.com> wrote: System: FreeBSD 8.4 amd We have a jail in a zfs filesystem with the following create properties: zpool create -O devices=off -O atime=off -O setuid=off -O exec=off -O compression=on ... zfs create -o devices=off -o atime=off -o setuid=off -o compression=on -o ... Everything works and runs fine, but when we try to do anything as a non-root user we run into issues: ssh user@x.x.x.x Password: Last login: Thu Jan 15 16:40:14 2015 from 209.242.167.133 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. Could not chdir to home directory /home/user: Permission denied /bin/csh: Permission denied Connection to x.x.x.x closed. ---------------- [root @ xxxxx] /# su user su: /bin/sh: Permission denied ---------------- Permissions on the dir are fine: # ll 1 lrwxr-xr-x 1 root wheel 8 Jan 11 2012 home@ -> usr/home ... # ll usr 24 drwxr-xr-x 17 root wheel 17 Jan 11 2012 ./ 24 drwx------ 18 root wheel 23 Jan 11 2012 ../ ... # ll usr/home 24 drwxr-xr-x 3 root wheel 3 Jan 11 2012 ./ 24 drwxr-xr-x 17 root wheel 17 Jan 11 2012 ../ 24 drwxr-xr-x 2 user user 10 Jan 11 2012 user/ My suspicion is it has to do with the setuid=off or exec=off on the pool, since these settings set to "=on" on the zfs device itself have no impact. But, before I tinker with the pool...which I'm not prepared to do for other security-related reasons, I wanted to confirm what may be causing this. Thanks! _______________________________________________ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
smime.p7s
Description: S/MIME cryptographic signature
