# Help with jail permissions



## Deleted member 67862 (Oct 19, 2021)

Hello,
I have a jail set up to test my nginx web server on my local machine and make changes to it before I push. However, I wanted to use a GUI editor from outside the jail to edit the HTML/CSS (which is the main reason I wanted to use a jail). I made perhaps a horrible mistake by recursively changing ownership of the jail (`# chown -R hunter:wheel [jailname]`) and then recursively changing read/write permissions for all files to allow wheel and root read/write permissions. Now when I run the jail, nginx no longer works because of the following:

`ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
Starting nginx.
login class 'daemon' non-existent, using default
ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx`

I probably should have only changed permissions for /usr/local/www instead of the entire jail but I wasn't thinking.. Is there any way to undo/fix this? I spent a lot of time building the jail from source since bsdinstall was giving an "Invalid URL scheme" error so I would prefer to fix it than have to start over from scratch.


----------



## freebuser (Oct 19, 2021)

I build my base OS in a virtualbox and NFS to hosts and jails so not sure how it works in your end, but I would have thought the already built sources will be still in your host's source dir (/usr/obj ?)
You may only have to install back again.

Alternatively if you are happy to spend the time to fix the system by reassigning the permissions, this can be done by looking at the host's permissions and re-assigning to jail.

I don't think there is a easy way out.


----------



## Jose (Oct 19, 2021)

hunter0one said:


> `ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
> Starting nginx.
> login class 'daemon' non-existent, using default
> ld-elf.so.1: Shared object "libpcre.so.1" not found, required by "nginx"
> /usr/local/etc/rc.d/nginx: WARNING: failed to start nginx`


Hmm, doesn't seem like a permissions problem

```
$ ldd /usr/local/sbin/nginx 
/usr/local/sbin/nginx:
    libthr.so.3 => /lib/libthr.so.3 (0x80032e000)
    libcrypt.so.5 => /lib/libcrypt.so.5 (0x80035b000)
    libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x80037c000)
    libssl.so.111 => /usr/lib/libssl.so.111 (0x80041f000)
    libcrypto.so.111 => /lib/libcrypto.so.111 (0x8004b7000)
    libz.so.6 => /lib/libz.so.6 (0x8007a9000)
    libc.so.7 => /lib/libc.so.7 (0x8007c5000)
$ ls -l /usr/local/lib/libpcre.so.1
lrwxr-xr-x  1 root  wheel  17 Sep 16  2020 /usr/local/lib/libpcre.so.1 -> libpcre.so.1.2.12
$ ls -l /usr/local/lib/libpcre.so.1.2.12 
-rwxr-xr-x  1 root  wheel  662608 Sep 16  2020 /usr/local/lib/libpcre.so.1.2.12
```
Changing the ownership should still give nginx read and execute access, and that's all it should need.



hunter0one said:


> I probably should have only changed permissions for /usr/local/www instead of the entire jail but I wasn't thinking.. Is there any way to undo/fix this? I spent a lot of time building the jail from source since bsdinstall was giving an "Invalid URL scheme" error so I would prefer to fix it than have to start over from scratch.


Those aren't the only two ways of building a jail. I do a `tar -xf base.txz -C $JAILDIR` like the handbook says. You can get base.txz files here:


			Index of /pub/FreeBSD/releases/amd64/12.2-RELEASE/


----------



## zapata (Oct 21, 2021)

Jose said:


> Those aren't the only two ways of building a jail. I do a `tar -xf base.txz -C $JAILDIR` like the handbook says. You can get base.txz files here:



Be careful. This will overwrite files in /etc (e.g. master.passwd). I use the following command to update my Raspberry Pis: tar -xpJf base.txz --exclude "^etc/" --exclude "^var/db/etcupdate"

Any objections?


----------

