DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 13th June 2008
bgobs bgobs is offline
Port Guard
 
Join Date: Jun 2008
Location: Sofia, BG
Posts: 17
Default help for setting ezjail?

this is what i did:

#cd /usr/ports/sysutils/ezjail && make install clean
#cp /usr/local/etc/ezjail.conf.sample /usr/local/etc/ezjail.conf
#vi /usr/local/etc/ezjail.conf #and I uncomment all, so my conf have default values
#ezjail-admin update

#ifconfig rl0 alias 192.168.1.50 netmask 255.255.255.0
#echo 'ifconfig_rl0_alias0="inet 192.168.1.50 netmask 255.255.255.0"' >> /etc/rc.conf

#ezjail-admin create www.my-domain.com 192.168.1.50
#/usr/local/etc/rc.d/ezjail.sh start

#jail /usr/jails/www.my-domain.com www.my-domain.com 192.168.1.50 /bin/sh

and i get this error:
jail: execv: /bin/sh: No such file or directory

#ls -la /usr/jails/www.my-domain.com
...
lrwxrwxrwx 1 root wheel 13 Jun 13 18:34 bin -> /basejail/bin
...

#/usr/jails/www.my-domain.com/basejail is empty

#/usr/jails/basejail/bin has sh

# ezjail-admin list
...
DS N/A 192.168.1.50 www.my-domain.com /usr/jails/www.my-domain.com


do i need to change some path in some conf?

or i must copy all files from /usr/jails/basejail/ to each jail's basejail directory?

or i miss something important for creating jail with ezjail?

edit:
i'm using FreeBSD 6.2-RELEASE and ezjail-2.1

Last edited by bgobs; 13th June 2008 at 04:49 PM.
Reply With Quote
  #2   (View Single Post)  
Old 13th June 2008
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 662
Default

Looks like you left off admin update?
I have a page on it at http://www.scottro.net/qnd/qnd-ezjail.html
Reply With Quote
  #3   (View Single Post)  
Old 13th June 2008
bgobs bgobs is offline
Port Guard
 
Join Date: Jun 2008
Location: Sofia, BG
Posts: 17
Default

Quote:
Originally Posted by scottro View Post
Looks like you left off admin update?
I have a page on it at http://www.scottro.net/qnd/qnd-ezjail.html
#ezjail-admin update
this?

if its not this - what update ?

just in case i did:
#ezjail-admin update -i

but i still have the same error...
__________________
FreeBSD 6.2 RELEASE
Reply With Quote
  #4   (View Single Post)  
Old 13th June 2008
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 662
Default

No, that's what I meant, I missed it on first reading I was rushing. (as I am now, I fear, so if I miss something you already wrote that you did, I apologize.)
There should be a file in /usr/local/etc/ezjail called www.doman. As for ezjail.conf.sample, you should be able to leave it alone, rather than renaming and uncommenting it, unless things have drastically changed.
Maybe that's the issue?

Did you look at the page I mentioned? If not, go back and try it that way again and see if you have any luck.
Reply With Quote
  #5   (View Single Post)  
Old 13th June 2008
bgobs bgobs is offline
Port Guard
 
Join Date: Jun 2008
Location: Sofia, BG
Posts: 17
Default

Quote:
Originally Posted by scottro View Post
There should be a file in /usr/local/etc/ezjail called www.doman.
thats ok
my domain have a dash. and this file looks like this: www_my_domain_com
the dash and the dots are replaced with underscore.
hmf.. i think that this is ok.
i'll try with different domain. just to test.

Quote:
Originally Posted by scottro View Post
As for ezjail.conf.sample, you should be able to leave it alone, rather than renaming and uncommenting it, unless things have drastically changed.
#cp /usr/local/etc/ezjail.conf.sample /usr/local/etc/ezjail.conf
ezjail.conf.sample exist as original ezjail.conf.sample

Quote:
Originally Posted by scottro View Post
Did you look at the page I mentioned? If not, go back and try it that way again and see if you have any luck.
dont you see that the steps i follow utill the error looks like yours ?
yes, i know your site.. i even use it

and there is smth else..
after update (if i dont lie myself) there was a text saying that there is some deamons watching all ip's and that could be a confilct... i dont remember..

i have one hdd and i use it only for backup.
tomorrow i'll try a clean freebsd install (minimal), and then i'll try again ezjail.

...
i dont have any expiriance with unix/linux. im "playing" with freebsd for about 2 weeks. i'm surprised that i install apache, php, mysql, dovecot, postfix, postfixadmin, spamassassin, squirrelmail and phpmyadmin and they ALL are working

of course i had problems with them like i have problems with ezjail now. but all will work. its just a matter of time.
__________________
FreeBSD 6.2 RELEASE
Reply With Quote
  #6   (View Single Post)  
Old 13th June 2008
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 662
Default

Ok, I kept reading in a hurry today, so we'll take it step by step. (The fact that your /usr/local/etc/ezjail's domain name had dashes was fine--it should be whatever you called it.)


Quote:

#cd /usr/ports/sysutils/ezjail && make install clean
#cp /usr/local/etc/ezjail.conf.sample /usr/local/etc/ezjail.conf
vi /usr/local/etc/ezjail.conf #and I uncomment all, so my conf have default values
The copying of the sample and uncommenting it should all be unnecessary.
I don't see them causing the error though.

#ezjail-admin update

I would have done this, and left out the copying of the sample config.
As you say you are going to retry the whole thing, leave that part (copying the sample).

doing it the way you did, ezjail-admin update is actually better than doing it with -i, as it will make sure it's really up to date.

#ifconfig rl0 alias 192.168.1.50 netmask 255.255.255.0
#echo 'ifconfig_rl0_alias0="inet 192.168.1.50 netmask 255.255.255.0"' >> /etc/rc.conf

Ok, I see one mistake here--the alias should be 255.255.255.255 (or 0xffffffff (that's zero x, not the capital letter o.)

Still doesn't cover the shell issue though. (I also see that there was an error there on my ezjail page, which I've now corrected.)
More commonly., you'd just do 192.168.1.50/32




#ezjail-admin create www.my-domain.com 192.168.1.50

Now, you should check /usr/local/etc/ezjail to make sure it's in there, and that the lines mentioned on my page are there, at least most of them.


#/usr/local/etc/rc.d/ezjail.sh start

This went without error messages, right?

#jail /usr/jails/www.my-domain.com www.my-domain.com 192.168.1.50 /bin/sh

and i get this error:
jail: execv: /bin/sh: No such file or directory

Ok, that shouldn't have happened, as we know.

#ls -la /usr/jails/www.my-domain.com
...
lrwxrwxrwx 1 root wheel 13 Jun 13 18:34 bin -> /basejail/bin
...

#/usr/jails/www.my-domain.com/basejail is empty

That is probably the issue. I'm not sure why that happened, and it sounds as if something went wrong in the install.
I'm sorry for the false info I gave earlier, as I said, I only had a little time to look at your post.
Reply With Quote
  #7   (View Single Post)  
Old 14th June 2008
deemon's Avatar
deemon deemon is offline
Fdisk Soldier
 
Join Date: May 2008
Location: Estonia
Posts: 50
Default

You don't have to (and probably shouldn't) start the jail explicitly with separate jail command because ezjail.sh rc script already does that.
Check with jls if jail is running after executing ezjail.sh start

I don't know if it's directly related to your problem, it's just a thing I noticed.
Reply With Quote
  #8   (View Single Post)  
Old 14th June 2008
cajunman4life cajunman4life is offline
Real Name: Aaron Graves
Package Pilot
 
Join Date: May 2008
Location: Coolidge, Arizona
Posts: 203
Default

Quote:
Originally Posted by scottro View Post
the alias should be 255.255.255.255 (or 0xffffffff (that's zero x, not the capital letter o.)
I had problems using this setup before. I know I shouldn't have, but I did. So I changed all my aliases to 255.255.255.0 and everything worked fine. So technically that shouldn't matter much.

Quote:
Originally Posted by deemon View Post
You don't have to (and probably shouldn't) start the jail explicitly with separate jail command because ezjail.sh rc script already does that.
Without configuring/starting sshd within the jail, how else can one access the jailed environment? I've always used the above jail command to "access" a newly created jail to do some configuring before I start any daemons. So this, also, is not the cause of his problems.

Check your /usr/jail/whatever/bin and make sure it's a softlink (ln -s) to "/basejail/bin".

Here's an example of one of my jails (note: I have customized the jail layout a bit but you should get the general gist of things)

Code:
-r--r--r--   1 root  wheel     6188 May 13 02:05 COPYRIGHT
lrwxrwxrwx   1 root  wheel        9 May 13 02:05 bin -> /fbsd/bin
lrwxrwxrwx   1 root  wheel       10 May 13 02:05 boot -> /fbsd/boot
drwxr-xr-x   9 root  wheel      512 May 28 21:31 contrib
dr-xr-xr-x   4 root  wheel      512 Jun 11 20:17 dev
drwxr-xr-x  21 root  wheel     2560 Jun  9 02:04 etc
drwxr-xr-x   9 root  wheel      512 Apr 28 21:26 fbsd
lrwxr-xr-x   1 root  wheel        8 May 13 02:09 home -> usr/home
lrwxrwxrwx   1 root  wheel        9 May 13 02:05 lib -> /fbsd/lib
lrwxrwxrwx   1 root  wheel       13 May 13 02:05 libexec -> /fbsd/libexec
drwxr-xr-x   2 root  wheel      512 May 13 02:05 media
drwxr-xr-x   2 root  wheel      512 May 13 02:05 mnt
dr-xr-xr-x   1 root  wheel        0 Jun 13 17:40 proc
lrwxrwxrwx   1 root  wheel       12 May 13 02:05 rescue -> /fbsd/rescue
drwx------   2 root  wheel      512 May 24 06:54 root
drwxrwx---   3 root  sysadmin   512 May 23 17:25 sahome
lrwxrwxrwx   1 root  wheel       10 May 13 02:05 sbin -> /fbsd/sbin
lrwxrwxrwx   1 root  wheel       11 May 13 02:05 sys -> usr/src/sys
drwxrwxrwt   9 root  wheel      512 Jun 13 11:52 tmp
drwxr-xr-x   6 root  wheel      512 May 13 02:43 usr
drwxr-xr-x  23 root  wheel      512 Jun 11 20:17 var
drwxr-xr-x   6 root  www        512 Jun  2 12:48 www
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
Reply With Quote
  #9   (View Single Post)  
Old 14th June 2008
bgobs bgobs is offline
Port Guard
 
Join Date: Jun 2008
Location: Sofia, BG
Posts: 17
Default

is there a way to log everything from jails?

jls has no output. i think that this is wrong..
ezjail-admin list has output.

ezjail.sh start has no output.


***** EDIT:

when I:
#make deinstall clean
remove all ezjail's files and folders
#make install clean

#ezjail-admin update -i

I get the following error:

Quote:
===> lib/libbsm (install)
install -C -o root -g wheel -m 444 libbsm.a /usr/jails/fulljail/usr/lib
install: libbsm.a: No such file or directory
*** Error code 71

Stop in /usr/src/lib/libbsm.
*** Error code 1

Stop in /usr/src/lib.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src.
make installworld failed.
if i do first ezjail-admin update, then ezjail-admin update -i everything goes ok.
__________________
FreeBSD 6.2 RELEASE

Last edited by bgobs; 14th June 2008 at 04:29 PM.
Reply With Quote
Old 14th June 2008
cajunman4life cajunman4life is offline
Real Name: Aaron Graves
Package Pilot
 
Join Date: May 2008
Location: Coolidge, Arizona
Posts: 203
Default

Ah ha! I think I have it now.

If jls is showing nothing, then there are no jails running.

Do you have
Code:
ezjail_enable="YES"
in your /etc/rc.conf? If not, then "/usr/local/etc/rc.d/ezjail.sh start" will do absolutely nothing.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
Reply With Quote
Old 14th June 2008
bgobs bgobs is offline
Port Guard
 
Join Date: Jun 2008
Location: Sofia, BG
Posts: 17
Default

Quote:
Originally Posted by cajunman4life View Post
ah Ha! I Think I Have It Now.

If Jls Is Showing Nothing, Then There Are No Jails Running.

Do You Have
Code:
ezjail_enable="yes"
In Your /etc/rc.conf? If Not, Then "/usr/local/etc/rc.d/ezjail.sh Start" Will Do Absolutely Nothing.
Thank you VERY much !


***** EDIT:

@scottro

i think you should move up this step in your QND (with some explanations about the real meaning; its not just "running at boot"):
Quote:
It's time to start the jail. I'll be running it at boot, so I add the line
ezjail_enable="YES"
to /etc/rc.conf and then start the jail.
/usr/local/etc/rc.d/ezjail.sh start
before this:

Quote:
/usr/local/etc/rc.d/ezjail.sh start
Now, enter the jail. jail /usr/jails/apachejail apachejail.example.com 192.168.1.231 /bin/sh

its a good howto anyway!
my problem was, that i just testing ezjail... i have plans to run it after new freebsd install and of course i will build all my services inside jails.
__________________
FreeBSD 6.2 RELEASE

Last edited by bgobs; 14th June 2008 at 09:17 PM.
Reply With Quote
Old 15th June 2008
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 662
Default

Thank you and you're right. I will do that now.
You can also use forcestart when it's not in rc.conf, e.g.,
/usr/local/etc/rc.d/ezjail forcestart. I'll mention both.

Thank you for the input, it's stuff like that that helps me improve these things.
Reply With Quote
Old 15th June 2008
cajunman4life cajunman4life is offline
Real Name: Aaron Graves
Package Pilot
 
Join Date: May 2008
Location: Coolidge, Arizona
Posts: 203
Default

I too used your guide when first setting up my ezjails - so thanks scottro.
__________________
I just saved a bunch of money on my car insurance by fleeing the scene of the accident!
Reply With Quote
Old 15th June 2008
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 662
Default

It's always good to hear that these things have helped people. Even though it sounds very trite, it's hearing (well, reading) such things that make the effort of putting them together worthwhile. Glad it's been of help.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
dhcpd within ezjail? zelut FreeBSD General 7 10th February 2009 10:31 PM
ezjail /usr/home users and groups question neurosis FreeBSD Security 7 8th September 2008 08:40 PM
Jails, ezjail, apache, very newbie question. neurosis FreeBSD General 15 23rd August 2008 01:38 PM
Setting Up MPD benjgvps FreeBSD General 0 21st May 2008 12:20 PM
thanks for setting this up DraconianTimes Off-Topic 8 5th May 2008 08:14 AM


All times are GMT. The time now is 03:33 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick