[systemd-devel] moving a directory left me with a 65534:65534 owner/group directory
arnaud gaboury
arnaud.gaboury at gmail.com
Thu Sep 1 10:55:00 UTC 2016
On Thu, Sep 1, 2016 at 12:47 PM arnaud gaboury <arnaud.gaboury at gmail.com>
wrote:
> I have been moving directories and files between my host and my container
> many times for more than a year with no issues. Host is Archlinux and
> container Fedora 24 (upgrade to 24 is quite recent: no more than 2 months).
>
> I moved a directory today from host to container and this left me, for the
> first time, with a directory in the container owned by 65534:65534.
> <The UID 65534 is commonly reserved for *nobody*, a user with no system
> privileges, as opposed to an ordinary (i.e., *non-privileged*) user. This
> UID is often used for individuals accessing the system remotely via FTP or
> HTTP[0] >
> From host, the directory is correctly seen as a root:root
>
> ----------------------------------------------
> # ls -al
> /var/lib/machines/poppy/storage/tth-blog/pelican-themes/material-TTH/static
> drwxr-xr-x 1 root root 58 Sep 1 12:10 css/
> ----------------------------------------------
>
> I can't change owner/group ID from inside the container, which is of
> course very annoying as my folders and their contents are unusable.
>
>
> I didn't change anything in the way my container is mounted:
>
> $ cat /etc/fstab
> -------------------------
> LABEL=poppy-root /var/lib/machines/poppy
> btrfs rw,noatime,autodefrag,compress=lzo,ssd,subvol=rootvol
> 0 0
> ---------------------------------
> The container is started at boot time with systemd-nspawn at poppy.service
> (poppy is the container name)
>
>
> $ systemctl status systemd-nspawn at poppy.service
>
> ● systemd-nspawn at poppy.service - Container poppy
> Loaded: loaded (/usr/lib/systemd/system/systemd-nspawn at .service;
> enabled; vendor preset: dis
> Active: active (running) since Mon 2016-08-29 00:09:08 CEST; 3 days ago
> Docs: man:systemd-nspawn(1)
> Main PID: 612 (systemd-nspawn)
> Status: "Container running."
> CGroup: /machine.slice/systemd-nspawn at poppy.service
> ├─612 /usr/bin/systemd-nspawn --quiet --keep-unit --boot
> --link-journal=try-guest --
> ├─init.scope
> │ └─617 /usr/lib/systemd/...
> ├─system.slice
> │ ├─console-getty.service
> │ │ └─991 /sbin/agetty --no...
> │ ├─dbus.service
> │ │ └─945 /usr/bin/dbus-dae...
> │ ├─dovecot.service
> │ │ ├─ 1016 /usr/sbin/dovecot
> │ │ ├─ 1431 dovecot/lmtp
> │ │ ├─ 1432 dovecot/anvil
> │ │ ├─ 1433 dovecot/log
> │ │ ├─ 1435 dovecot/config
> │ │ ├─ 1436 dovecot/lmtp
> │ │ ├─ 1437 dovecot/lmtp
> │ │ ├─ 1438 dovecot/lmtp
> │ │ ├─ 1439 dovecot/lmtp
> │ │ ├─ 1440 dovecot/lmtp
> │ │ ├─ 1441 dovecot/lmtp
> │ │ ├─ 1442 dovecot/lmtp
> │ │ ├─ 1443 dovecot/lmtp
> │ │ ├─ 1444 dovecot/lmtp
> │ │ ├─ 3222 dovecot/imap-login
> │ │ ├─ 3226 dovecot/imap
> │ │ ├─ 4129 dovecot/imap-login
> │ │ ├─ 4167 dovecot/imap
> │ │ ├─ 6412 dovecot/ssl-params
> │ │ ├─14815 dovecot/imap-login
> │ │ └─14819 dovecot/imap
> │ ├─nginx.service
> │ │ ├─1458 nginx: master pro...
> │ │ ├─1459 nginx: worker proces
> │ │ ├─1460 nginx: worker proces
> │ │ ├─1461 nginx: worker proces
> │ │ ├─1462 nginx: worker proces
> │ │ ├─1463 nginx: worker proces
> │ │ ├─1464 nginx: worker proces
> │ │ ├─1465 nginx: worker proces
> │ │ └─1466 nginx: worker proces
> │ ├─opendkim.service
> │ │ └─10182 /usr/sbin/opendki...
> │ ├─php-fpm.service
> │ │ ├─ 984 php-fpm: master p...
> │ │ ├─1445 php-fpm: pool own...
> │ │ ├─1446 php-fpm: pool own...
> │ │ ├─1447 php-fpm: pool own...
> │ │ ├─1448 php-fpm: pool own...
> │ │ ├─1449 php-fpm: pool own...
> │ │ ├─1450 php-fpm: pool www...
> │ │ ├─1451 php-fpm: pool www...
> │ │ ├─1452 php-fpm: pool www...
> │ │ └─1454 php-fpm: pool www...
> │ ├─polkit.service
> │ │ └─10026 /usr/lib/polkit-1...
> │ ├─postfix.service
> │ │ ├─ 1096 /usr/libexec/post...
> │ │ ├─ 1098 qmgr -l -t unix -u
> │ │ ├─ 1817 tlsmgr -l -t unix -u
> │ │ └─20925 pickup -l -t unix -u
> │ ├─postgresql.service
> │ │ ├─1009 /usr/bin/postgres...
> │ │ ├─1049 postgres: checkpo...
> │ │ ├─1050 postgres: writer ...
> │ │ ├─1051 postgres: wal wri...
> │ │ ├─1052 postgres: autovac...
> │ │ └─1053 postgres: stats c...
> │ ├─redis.service
> │ │ └─976 /usr/bin/redis-se...
> │ ├─saslauthd.service
> │ │ ├─970 /usr/sbin/saslaut...
> │ │ ├─971 /usr/sbin/saslaut...
> │ │ ├─972 /usr/sbin/saslaut...
> │ │ ├─973 /usr/sbin/saslaut...
> │ │ └─974 /usr/sbin/saslaut...
> │ ├─spamassassin.service
> │ │ └─27341 /usr/bin/perl -T ...
> │ ├─system-clamd.slice
> │ │ └─clamd at amavisd.service
> │ │ └─27332 /usr/sbin/clamd -...
> │ ├─systemd-journald.service
> │ │ └─904 /usr/lib/systemd/...
> │ ├─systemd-logind.service
> │ │ └─936 /usr/lib/systemd/...
> │ ├─systemd-networkd.service
> │ │ └─969 /usr/lib/systemd/...
> │ ├─vsftpd.service
> │ │ └─1430 /usr/sbin/vsftpd ...
> │ └─xinetd.service
> │ └─997 /usr/sbin/xinetd ...
> └─user.slice
> └─user-1000.slice
> ├─session-c1.scope
> │ ├─4974 login -- poisoniv...
> │ └─4998 -zsh
> ├─session-c2.scope
> │ ├─ 6067 login -- poisoniv...
> │ ├─ 6086 -zsh
> │ └─24742 /usr/bin/python3 ...
> └─user at 1000.service
> └─init.scope
> ├─4991 /usr/lib/systemd/...
> └─4993 (sd-pam) ...
>
> Aug 29 00:09:12 hortensia systemd-nspawn[612]: See 'systemctl status
> amavisd.service' for details.
> Aug 29 00:09:13 hortensia systemd-nspawn[612]: [ OK ] Stopped
> Amavisd-new is an interface between MTA and content checkers..
> Aug 29 00:09:13 hortensia systemd-nspawn[612]: Starting
> Amavisd-new is an interfac...een MTA and content checkers....
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: [2B blob data]
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: Fedora 24 (Server Edition)
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: Kernel 4.7.2-1-hortensia on
> an x86_64 (console)
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: [1B blob data]
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: Admin Console:
> https://192.168.1.94:9090/ or https://[fe80::c7f:c3ff:fefb:25b1]:9090/
> Aug 29 00:09:14 hortensia systemd-nspawn[612]: [1B blob data]
> Aug 29 08:29:20 hortensia systemd-nspawn[612]: thetradinghall login:
> Generating systemd units for vsftpd
> lines 65-122/122 (END)
>
> Please can someone help me to deal with this issue?
>
EDIT:
$ls -al /
dr-xr-xr-x 1 root root 242 Aug 28 13:47 ./
dr-xr-xr-x 1 root root 242 Aug 28 13:47 ../
dr-xr-xr-x 1 root root 0 Feb 3 2016 boot/
drwxrwxr-x 1 root root 62 Aug 26 19:59 db/
drwxr-xr-x 7 root root 440 Aug 29 00:09 dev/
drwxr-xr-x 1 root root 4.1K Aug 29 08:19 etc/
drwxr-xr-x 1 root root 76 Feb 3 2016 home/
drwxrwxrwx 1 root root 0 Aug 28 13:47 keybase/
drwxr-xr-x 1 root root 0 Feb 3 2016 media/
drwxr-xr-x 1 root root 0 Feb 3 2016 mnt/
drwxr-xr-x 1 root root 56 Aug 26 20:02 opt/
dr-xr-xr-x 412 65534 65534 0 Aug 29 00:09 proc/
dr-xr-x--- 1 root root 378 Aug 29 08:28 root/
drwxr-xr-x 21 root root 560 Aug 29 08:29 run/
drwxr-xr-x 1 65534 65534 6 Mar 3 17:43 share/
drwxr-xr-x 1 root root 0 Feb 3 2016 srv/
drwxrwxr-x 1 root wheel 230 Sep 1 12:11 storage/
drwxr-xr-x 9 root root 180 Aug 29 00:09 sys/
drwxrwxrwt 12 root root 240 Sep 1 12:51 tmp/
drwxr-xr-x 1 root root 100 Dec 14 2015 usr/
drwxr-xr-x 1 root root 194 Mar 19 18:29 var/
-rw-r--r-- 1 65534 65534 0 May 9 10:01 .autorelabel
lrwxrwxrwx 1 root root 7 Feb 3 2016 bin -> usr/bin/
-rw-r--r-- 1 65534 65534 739 Jul 3 02:00 certbot.log
lrwxrwxrwx 1 root root 7 Feb 3 2016 lib -> usr/lib/
lrwxrwxrwx 1 root root 9 Feb 3 2016 lib64 -> usr/lib64/
-rw-r--r-- 1 65534 65534 220 Jul 5 13:24 .pearrc
-rw------- 1 65534 65534 1.0K May 15 2015 .rnd
lrwxrwxrwx 1 65534 65534 8 Feb 3 2016 sbin -> usr/sbin/
?? Doesn't sound good, all these 65534:65534. Is there any possibility there has
been an intrusion in my container (it serves many web apps)?
> Thank you
>
>
> [0]http://www.linfo.org/uid.html
>
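An added note and example, not part of the original post or of systemd: the kernel shows a file as owned by 65534 (the overflow UID, by default the "nobody" UID) whenever the owner's UID has no entry in the current user namespace's uid_map, which is one mechanism that produces exactly this symptom (root:root on the host, 65534:65534 inside the container) when a container runs with its own user namespace. The script below applies a uid_map the way the kernel does and audits a list of owners; the sample map and the sample file list are constructed, and the assumption that the container uses a private user namespace is an assumption, not something the post states.

```python
import os

# Added example (not systemd code). Kernel default for /proc/sys/kernel/overflowuid.
OVERFLOW_ID = 65534


def parse_id_map(text):
    """Parse /proc/<pid>/uid_map (or gid_map) lines of the form
    '<inside-ns id> <outside-ns id> <count>' into (inside, outside, count) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        inside, outside, count = (int(f) for f in fields)
        ranges.append((inside, outside, count))
    return ranges


def host_to_container(uid, ranges):
    """Translate a host-side UID into the namespace. IDs outside every mapped
    range have no representation and are shown as OVERFLOW_ID (65534)."""
    for inside, outside, count in ranges:
        if outside <= uid < outside + count:
            return inside + (uid - outside)
    return OVERFLOW_ID


def collect_owners(root):
    """Walk a tree on the host and return (path, host_uid) pairs (lstat, so
    symlinks are reported by their own owner, not their target's)."""
    owners = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            owners.append((path, os.lstat(path).st_uid))
    return owners


def audit(entries, ranges):
    """Return (path, host_uid) for every entry that would appear as 65534
    inside the container, i.e. whose host owner is not covered by the map."""
    return [(path, uid) for path, uid in entries
            if host_to_container(uid, ranges) == OVERFLOW_ID]


# Constructed sample: a container whose UIDs 0-65535 are mapped to host
# UIDs 1048576-1114111 (the shape systemd-nspawn --private-users produces).
SAMPLE_UID_MAP = "         0    1048576      65536\n"
# Constructed sample tree: one entry owned by host root, one by container root.
SAMPLE_ENTRIES = [("/var/lib/machines/poppy/storage/css", 0),
                  ("/var/lib/machines/poppy/etc", 1048576)]
```

Running `audit(collect_owners("/var/lib/machines/<name>"), parse_id_map(open("/proc/<container-init-pid>/uid_map").read()))` on the host lists the entries that will show up as 65534 inside that container, which separates an unmapped owner from a file genuinely created by a nobody-owned process.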