Help with jail permissions

hunter0one

Member

Reaction score: 60
Messages: 41

Hello,
I have a jail set up to test my nginx web server on my local machine and make changes to it before I push. However, I wanted to use a GUI editor from outside the jail to edit the HTML/CSS (which is the main reason I wanted to use a jail). I made perhaps a horrible mistake by recursively changing ownership of the jail ( # chown -R hunter:wheel [jailname]) and then recursively changing read/write permissions for all files to allow wheel and root read/write permissions. Now when I run the jail, nginx no longer works because of the following:

ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
Starting nginx.
login class 'daemon' non-existent, using default
ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx


I probably should have only changed permissions for /usr/local/www instead of the entire jail but I wasn't thinking.. Is there any way to undo/fix this? I spent a lot of time building the jail from source since bsdinstall was giving an "Invalid URL scheme" error so I would prefer to fix it than have to start over from scratch.
 

freebuser

Active Member

Reaction score: 10
Messages: 124

I build my base OS in a virtualbox and NFS to hosts and jails so not sure how it works in your end, but I would have thought the already built sources will be still in your host's source dir (/usr/obj ?)
You may only have to install back again.

Alternatively if you are happy to spend the time to fix the system by reassigning the permissions, this can be done by looking at the host's permissions and re-assigning to jail.

I don't think there is a easy way out.
 

Jose

Daemon

Reaction score: 1,081
Messages: 1,303

ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
Starting nginx.
login class 'daemon' non-existent, using default
ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx
Hmm, doesn't seem like a permissions problem
Code:
$ ldd /usr/local/sbin/nginx 
/usr/local/sbin/nginx:
    libthr.so.3 => /lib/libthr.so.3 (0x80032e000)
    libcrypt.so.5 => /lib/libcrypt.so.5 (0x80035b000)
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x80037c000)
    libssl.so.111 => /usr/lib/libssl.so.111 (0x80041f000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x8004b7000)
    libz.so.6 => /lib/libz.so.6 (0x8007a9000)
    libc.so.7 => /lib/libc.so.7 (0x8007c5000)
$ ls -l /usr/local/lib/libpcre.so.1
lrwxr-xr-x  1 root  wheel  17 Sep 16  2020 /usr/local/lib/libpcre.so.1 -> libpcre.so.1.2.12
$ ls -l /usr/local/lib/libpcre.so.1.2.12 
-rwxr-xr-x  1 root  wheel  662608 Sep 16  2020 /usr/local/lib/libpcre.so.1.2.12
Changing the ownership should still give nginx read and execute access, and that's all it should need.

I probably should have only changed permissions for /usr/local/www instead of the entire jail but I wasn't thinking.. Is there any way to undo/fix this? I spent a lot of time building the jail from source since bsdinstall was giving an "Invalid URL scheme" error so I would prefer to fix it than have to start over from scratch.
Those aren't the only two ways of building a jail. I do a tar -xf base.txz -C $JAILDIR like the handbook says. You can get base.txz files here:
 

zapata

Member

Reaction score: 5
Messages: 21

Those aren't the only two ways of building a jail. I do a tar -xf base.txz -C $JAILDIR like the handbook says. You can get base.txz files here:

Be careful. This will overwrite files in /etc (e.g. master.passwd). I use the following command to update my Raspberry Pis: tar -xpJf base.txz --exclude "^etc/" --exclude "^var/db/etcupdate"

Any objections?
 
Top