Thanks for all the advice. I am indeed looking for using jail from the non-root
user in the host. Jailme sounds like a good solution.
My use case is providing a relatively save way of giving a user the possibility
to experiment with root rights (like creating and installing ports) without
wracking the host system.
The users are trusted so it is not so much about security. More about keeping
the host system clean.
Regards,
Ronald.
Van: Miroslav Lachman <000.fbsd at quip.cz>
Datum: dinsdag, 19 november 2019 20:31
Aan: Christos Chatzaras <chris at cretaforce.gr>, freebsd-stable
<freebsd-stable at freebsd.org>
CC: Ronald Klop <ronald-lists at klop.ws>
Onderwerp: Re: jexec as user?>
> Christos Chatzaras wrote on 2019/11/19 14:09:
> >
> >
> >> On 19 Nov 2019, at 15:02, mike tancsa <mike at sentex.net>
wrote:
> >>
> >> On 11/19/2019 6:42 AM, Ronald Klop wrote:
> >>> Hi,
> >>>
> >>> Is it possible to jexec into a jail as a regular user. Or to
enable
> >>> that somewhere?
> >>> Or is the way to do such a thing to set up ssh in the jail?
> >>>
> >> On 11.3 at least, does not the built in functionality of jexec do
what
> >> you need ?
> >>
> >> jexec [-l] [-u username | -U username] jail [command ...]
> >>
> >> # jexec -U testuser 3 csh
> >> testuser at cacticonsole:/ % id
> >> uid=1005(testuser) gid=1005(testuser) groups=1005(testuser)
> >> testuser at cacticonsole:/ %
> >>
> >
> > I think he wants to use jexec as a normal user from the main OS.
> >
> > If he wants to run jexec as root and login to jail as user then your
command works.
>
> If you want to use jexec as normal user in host, look at sysutils/jailme
from ports:
>
> https://www.freshports.org/sysutils/jailme/
> This version is installed setuid and does some sanity checking to ensure
the username and UID match between the jail and the host system.
>
> WWW: https://github.com/Intermedix/jailme
>
> Miroslav Lachman
>
> PS: I never used jailme personally
>
>
>