jexec as user?
Walter Cramer
wfc at mintsol.com
Tue Nov 19 17:25:36 UTC 2019
On Tue, 19 Nov 2019, mike tancsa wrote:
> On 11/19/2019 8:09 AM, Christos Chatzaras wrote:
> On 19 Nov 2019, at 15:02, mike tancsa <mike at sentex.net> wrote:
>> On 11/19/2019 6:42 AM, Ronald Klop wrote:
>>> Hi,
>>>
>>> Is it possible to jexec into a jail as a regular user. Or to enable
>>> that somewhere?
>>> Or is the way to do such a thing to set up ssh in the jail?
>>>
>> On 11.3 at least, does not the built in functionality of jexec do what
>> you need ?
>>
>> jexec [-l] [-u username | -U username] jail [command ...]
>>
>> # jexec -U testuser 3 csh
>> testuser at cacticonsole:/ % id
>> uid=1005(testuser) gid=1005(testuser) groups=1005(testuser)
>> testuser at cacticonsole:/ %
>>
> I think he wants to use jexec as a normal user from the main OS.
>
> If he wants to run jexec as root and login to jail as user then your command works.
Ahhh, my mistake. A sudo entry then ?
---Mike
At least on older FreeBSD versions, it's easy to wrap `jexec` in a few
lines (literally a half-dozen) of C code, suid after compiling, and have
users in the host environment jump into jails with it. (I haven't set
this up in a while, to know if there are issues with 11.X or 12.X.)
OTOH, there is a bitter-regret-filled gap between knowing enough to do
that, and knowing enough to securely write and deploy suid-root programs.
-Walter
_______________________________________________
freebsd-stable at freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
More information about the freebsd-stable
mailing list