diff options
Diffstat (limited to 'usr.sbin/jexec/jexec.8')
| -rw-r--r-- | usr.sbin/jexec/jexec.8 | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/usr.sbin/jexec/jexec.8 b/usr.sbin/jexec/jexec.8 new file mode 100644 index 000000000000..afcc1839ef75 --- /dev/null +++ b/usr.sbin/jexec/jexec.8 @@ -0,0 +1,135 @@ +.\" +.\" Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd March 5, 2025 +.Dt JEXEC 8 +.Os +.Sh NAME +.Nm jexec +.Nd "execute a command inside an existing jail" +.Sh SYNOPSIS +.Nm +.Op Fl l +.Op Fl d Ar working-directory +.Op Fl u Ar username | Fl U Ar username +.Ar jail Op Ar command ... +.Sh DESCRIPTION +The +.Nm +utility executes +.Ar command +inside the +.Ar jail +identified by its jid or name. +If +.Ar command +is not specified then the user's shell is used. +.Pp +The following options are available: +.Bl -tag -width indent +.It Fl d Ar working-directory +The working directory for running commands inside the jail. +The default is the jail root directory. +.It Fl l +Execute in a clean environment. +The environment is discarded except for +.Ev HOME , SHELL , TERM , USER , +and anything from the login class capability database for the user. +.Ev PATH +is set to "/bin:/usr/bin". +If a user is specified (via +.Fl u +or +.Fl U ) , +and absent the +.Fl d +option, commands are run from that (possibly jailed) user's directory. +.It Fl u Ar username +The user name from host environment as whom the +.Ar command +should run. +This is the default. +.It Fl U Ar username +The user name from jailed environment as whom the +.Ar command +should run. +.El +.Sh EXAMPLES +.Ss Example 1 : Open a shell in a jail +The following command specifies a jail by its name and utilizes the current +user's shell: +.Pp +.Dl # jexec name +.Pp +It is also possible to specify a jail by its jid: +.Pp +.Dl # jexec JID +.Ss Example 2 : Run a single command without opening a shell +The following command runs +.Ql uname -a +in a jail called +.Dq name . +Since a command is specified explicitly, +.Nm +does not spawn an interactive shell. +Instead, +.Nm +executes the specified command directly. +.Pp +.Dl # jexec name uname -a +.Ss Example 3 : Open a shell in a jail with a clean environment +The following command opens a +.Xr sh 1 +shell in a jail with a clean environment: +.Pp +.Dl # jexec -l name sh +.Ss Example 4 : Open a shell in a jail with the login command +The following command utilizes +.Xr login 1 +to access the jail, submitting an audit record, and displaying the +user's last login, system copyright, and +.Xr motd 5 +message: +.Pp +.Dl # jexec -l name login -f root +.Sh SEE ALSO +.Xr jail_attach 2 , +.Xr jail 8 , +.Xr jls 8 +.Sh HISTORY +The +.Nm +utility was added in +.Fx 5.1 . +.Sh BUGS +If the jail is not identified by +.Ar jid +there is a possible race in between the lookup of the jail +and executing the command inside the jail. +Giving a +.Ar jid +has a similar race as another process can stop the jail and +start another one after the user looked up the +.Ar jid . |