jails infrastructure as code and orchestration tools : ansible vs iocage vs (appjail + director + overlord)

toddg said:
Ahhh, that's so simple. Ok, I'll try that.
Click to expand...
This is starting to touch on why I choose to do things the way I do them (-e.g. my jail script vs others) and I'm interested in how you're going to tackle these types of things. Tell us how it goes (obviously, UID--for example--is easy, but I want to see how you're going to tackle these types of "issues" in an automated setup). Very cool to watch! Keep going.
 
atax1a

I'm still having trouble with this. I have created a user named backup in both my HOST and JAIL, and the UID is 2001 in both cases. The jails root user can see the host files, but not the backup.

Code: 
# 1. host user
root@fbsdhost4:/home/toddg # grep backup /etc/passwd
backup:*:2001:2001:User &:/home/backup:/bin/sh

# 2. jail user
root@fbsdhost4:/home/toddg # jexec -l backitup grep backup /etc/passwd
backup:*:2001:2001:User &:/home/backup:/bin/sh

# 3. host datasets / filesystems are chowned to backup:backup
root@fbsdhost4:/home/toddg # ls -lsat /opt
total 21
17 drwxr-xr-x  23 root   wheel  28 Feb 17 21:23 ..
 1 drwxr-x---   4 backup backup  4 Feb 14 12:41 prod
 1 drwxr-x---   5 backup backup  5 Feb 14 12:41 .
 1 drwxr-x---   4 backup backup  4 Feb 14 12:41 stage
 1 drwxr-x---   4 backup backup  4 Feb 14 12:41 dev
root@fbsdhost4:/home/toddg # ls -lsat /opt/dev
total 4
1 drwxr-x---  5 backup backup 5 Feb 14 12:41 ..
1 drwxr-x---  4 backup backup 4 Feb 14 12:41 .
1 drwxr-x---  2 backup backup 2 Feb 14 12:41 postgres
1 drwxr-x---  2 backup backup 2 Feb 14 12:41 feeds
root@fbsdhost4:/home/toddg # ls -lsat /opt/dev/feeds/
total 2
1 drwxr-x---  4 backup backup 4 Feb 14 12:41 ..
1 drwxr-x---  2 backup backup 2 Feb 14 12:41 .
root@fbsdhost4:/home/toddg # ls -lsat /opt/dev/postgres/
total 2
1 drwxr-x---  4 backup backup 4 Feb 14 12:41 ..
1 drwxr-x---  2 backup backup 2 Feb 14 12:41 .

# 4. root user inside jail can see the files 
root@fbsdhost4:/home/toddg # jexec -l backitup find /opt
/opt
/opt/prod
/opt/prod/postgres
/opt/prod/feeds
/opt/dev
/opt/dev/postgres
/opt/dev/feeds
/opt/stage
/opt/stage/postgres
/opt/stage/feeds
/opt/stage/feeds/fakefeed.txt

# 5. the backup user inside the jail cannot see the files
root@fbsdhost4:/home/toddg # jexec -l -u backup backitup find /opt
/opt
find: /opt/prod: Permission denied
find: /opt/dev: Permission denied
find: /opt/stage: Permission denied
find: /opt: Permission denied

# 6. trying with both the "-u" and "-U" flags, same result
root@fbsdhost4:/home/toddg # jexec -l -U backup backitup find /opt
/opt
find: /opt/prod: Permission denied
find: /opt/dev: Permission denied
find: /opt/stage: Permission denied
find: /opt: Permission denied

Any suggestions would be most welcome
:)
 
You must log in or register to reply here.
Back
Top