Date: Sun, 13 Nov 2011 13:04:36 +0000
From: Matthew Seaman
To: freebsd-questions@freebsd.org
Subject: Re: How to login to my jail from host itself (normal user)

On 13/11/2011 12:31, Peter Vereshagin wrote:
> I'd find it obvious to try to launch getty by means of jexec by setting the command in /etc/ttys?
>
> Something like that:
>
> ttyv0 "/usr/sbin/jexec `cat /var/run/some_jail.id` /usr/libexec/getty Pc" cons25 on secure
>

That might work. Needs testing though -- when someone logs in does init in the host system recognize that the jailed login has taken over the vty from the jail? Or does it just keep spawning new getty processes?

Let's see...
lucid-nonsense:/etc:# diff -u ttys.save ttys --- ttys.save 2011-11-13 12:49:28.868350588 +0000 +++ ttys 2011-11-13 12:50:10.609176357 +0000 
@@ -38,7 +38,7 @@ ttyv4 "/usr/libexec/getty Pc" cons25 on secure ttyv5 "/usr/libexec/getty Pc" cons25 on secure ttyv6 "/usr/libexec/getty Pc" cons25 on secure -ttyv7 "/usr/libexec/getty Pc" cons25 on secure +ttyv7 "/usr/sbin/jexec 1 /usr/libexec/getty Pc" cons25 on secure ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure # Serial terminals # The 'dialup' keyword identifies dialin lines to login, fingerd etc. lucid-nonsense:/etc:# kill -HUP 1 lucid-nonsense:/etc:# jexec 1 ps -ax | grep getty 22182 v7 Is+J 0:00.01 /usr/libexec/getty Pc ttyv7 Looking good so far... Wanders into the other room and logs in on the console -- vty7, which identifies itself as the jail. lucid-nonsense:/etc:# ps -auxwww | grep v7 root 22182 0.0 0.0 21700 1676 v7 IsJ 12:50PM 0:00.06 login [pam] (login) matthew 22293 0.0 0.0 10312 2524 v7 IJ 12:53PM 0:00.07 -tcsh (tcsh) matthew 22299 0.0 0.0 9372 1668 v7 S+J 12:53PM 0:00.11 top root 22362 0.0 0.0 9124 1192 1 S+ 12:56PM 0:00.00 grep v= 7 Seems to work nicely. Now, does logout work properly? Logs out of the jail lucid-nonsense:/etc:# ps -auxwww | grep v7 root 22390 0.0 0.0 6916 1028 v7 Is+J 12:59PM 0:00.01 /usr/libexec/getty Pc ttyv7 Yep. All works nicely. That's really cool. Definitely needs care to make sure the jail ID matches up to the intended jail. Using mm@freebsd.org's updated jail init stuff from the sysutils/jailrc port and enabling persistent jails probably the way to go there. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 
7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW
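
Review bot: the `+ttyv7` line hardcodes the jail ID in `jexec 1`, and a JID is assigned when the jail is created, so after the jail is restarted this entry can start getty in a different jail or fail to find one. The message itself flags this ("needs care to make sure the jail ID matches up to the intended jail"); referring to the jail by a fixed name instead of a number (jexec on current FreeBSD accepts either) would keep the entry bound to the intended jail. The changed line also keeps `on secure`, which permits root logins on that terminal, so it is worth confirming that root logins into the jail from the host console are intended.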
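
The caveat in the message above, that the JID in the ttys entry has to match the intended jail, can be checked mechanically. This is an added example, not part of the original message: the function names `jexec_entries` and `audit_ttys`, the sample ttys lines and the jail names `www` and `db` are constructed for illustration, and the jail table is assumed to be in the two-column form printed by `jls jid name`.

```shell
# Audit a ttys file for getty entries wrapped in jexec (added example).
# Both inputs are files, so the check also runs offline on saved copies.

# Print "<tty> <jail-arg>" for each enabled entry whose command is jexec.
jexec_entries() {
    awk -F'"' '
        /^[ \t]*#/ { next }                           # comment line
        NF >= 3 {
            status = $3; sub(/#.*/, "", status)       # drop trailing comment
            if ((status " ") !~ /[ \t]on[ \t]/) next  # keep only entries that are "on"
            tty = $1; gsub(/[ \t]/, "", tty)
            n = split($2, c, /[ \t]+/)
            if (c[1] != "jexec" && c[1] !~ /\/jexec$/) next
            for (i = 2; i <= n; i++) {
                if (c[i] == "-u" || c[i] == "-U") { i++; continue }  # flag plus its argument
                if (c[i] ~ /^-/) continue                            # any other flag
                print tty, c[i]; break                # first non-flag word is the jail
            }
        }' "$1"
}

# Verdict per entry: OK (referenced by name, jail running), NUMERIC-JID
# (running now, but the number changes when the jail is recreated), NO-SUCH-JAIL.
audit_ttys() {
    jexec_entries "$1" | while read -r tty jail; do
        case $jail in
            *[!0-9]*) col=2; verdict=OK ;;            # a name: match the name column
            *)        col=1; verdict=NUMERIC-JID ;;   # a number: match the jid column
        esac
        if awk -v j="$jail" -v c="$col" '$c == j { f = 1 } END { exit !f }' "$2"; then
            echo "$tty $jail $verdict"
        else
            echo "$tty $jail NO-SUCH-JAIL"
        fi
    done
}

# Constructed sample input (not taken from the message above).
sample=$(mktemp -d)
cat > "$sample/ttys" <<'EOF'
# constructed test data
ttyv6 "/usr/libexec/getty Pc" cons25 on secure
ttyv7 "/usr/sbin/jexec 1 /usr/libexec/getty Pc" cons25 on secure
ttyv8 "/usr/sbin/jexec www /usr/libexec/getty Pc" cons25 on secure
ttyv9 "/usr/sbin/jexec 7 /usr/libexec/getty Pc" cons25 off secure
ttyva "/usr/sbin/jexec db /usr/libexec/getty Pc" cons25 on secure
EOF
printf '1 www\n' > "$sample/jls"      # constructed `jls jid name` output
audit_ttys "$sample/ttys" "$sample/jls"
```

On a live host the two arguments would be `/etc/ttys` and a file holding the output of `jls jid name`.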