ezjail /usr/home users and groups question
I created a couple of jails using ezjail and decided against having an admin type login for either jail. Instead I've been just using the jexec command to enter the jails and admin them. Only one of the jails has an ssh login set up and the other only runs an ftpd. The ftpd is pure-ftpd. Well, when I am logged in under my normal login, change to the /usr/jail/jailname/usr/home/ directory and look at the owner/group of the user/users in the home directory, they don't match what shows when I go in to the jails using the jexec command. In fact they both have a very strange owner/group when looking at them from my normal login. When viewing them by entering the jails using the jexec command they display what I would expect. My question is, who should the owner and group of these be when viewing them not logged in to the jail? It seems to have picked strange owners and groups for these and I'm not sure why.
|
|
|||
Quote:
You can do that using the jexec command to enter the jail, can't you? Or do I need to create an admin account inside of the jail and do it that way? When I enter the jail using jexec it placed me inside of the jail as root. That's the way I've set everything up inside of the jails and I get this weird phenomenon of strange owner/group, but only when looking at permissions from outside of the jail.
|
|||
Quote:
I guess that the uid and the gid wouldn't match, would they? I'm assuming that this doesn't cause problems? The uid and gid are matching a couple of accounts that are on the host, so it's showing that they are the owner and group of the jail user directories. This freaked me out a little.
|
||||
If you want ownership to match exactly between the host and its jail, it will require a deliberate, ongoing effort to keep /etc/passwd (actually /etc/pwd.db, IIRC) in sync.
Not worth the effort, IMO. Just make sure you don't accidentally give a shell user on the host system ownership of some jail resources. (You're not allowing shell users on the host system anyway, right? Right?)
__________________
Kill your t.v. |
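
The odd owners seen from the host appear because files carry only numeric UIDs/GIDs, and the host resolves those numbers against its own passwd database rather than the jail's. As an added example (not part of any post in this thread), this sh function lists jail accounts whose UID belongs to a different account on the host; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use on the host would look like:
#   uid_collisions /etc/passwd /usr/jail/jailname/etc/passwd
# Output: one line per collision, formatted uid:jail_name:host_name
uid_collisions() {
    awk -F: '
        /^#/ || NF < 3 { next }            # skip comments and malformed lines
        FILENAME == ARGV[1] {              # first file: host accounts
            names[$3, $1] = 1              # every name the host has for a UID
            if (!($3 in first)) first[$3] = $1   # name ls would display
            next
        }
        # second file: jail accounts whose UID the host gives to another name
        ($3 in first) && !(($3, $1) in names) {
            print $3 ":" $1 ":" first[$3]
        }
    ' "$1" "$2"
}

# Constructed sample data: the host has shell users alice (1001) and
# bob (1002); inside the jail, ftpuser was created with UID 1001.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/host" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
EOF
    cat > "$d/jail" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
ftpuser:*:1001:1001:FTP user:/home/ftpuser:/usr/sbin/nologin
web:*:2000:2000:Web:/home/web:/usr/sbin/nologin
EOF
    uid_collisions "$d/host" "$d/jail"
    rm -rf "$d"
}
```

Each reported line names a host account that has owner-level access to that jail user's files when working from outside the jail, which is the case the reply above says to watch for.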
|
|||
In my opinion there's no need to worry about someone breaking out of a jail as they are very secure. In case you're worried that it's very easy to do so, try it yourself; it's literally a whole new system inside another, like a Russian doll. With regards to virtually stopping brute force attacks I can recommend OSSEC HIDS, which will make use of PF, and all you'll need to do is add a blacklist table for it to use.