Trying to understand permissions in/out-side of jail

[paleoN]

I'm running 8.2.0-BETA3-x64 with Beta-3 jail pbi & minidlna pbi installed. Thanks to William's post I have minidlna running. I then needed to give dlna user/group permissions on the media directory, mount point, which while obvious took way too long for me to realize.

Which brings me to this post. I'm trying to understand how permissions should work from outside to inside of the jail. Is it simply going to be a requirement that the jail itself will have read and write access to the entire mount point? Will the mount point need to be world readable & writable? Will the final version of the plugin installs attempt to set some sort of sane permissions, whatever that is, on their media directories?

The other thing I noticed was UID/GID collisions from inside of the jail to outside. All of a sudden my one user, outside, had access to the files in the media directory once it was fixed for the dlna user inside the jail. Whatever is decided about the mount points UID/GID collisions would be undesirable. I suppose a range of UIDs/GIDs could be reserved only for jail/plugin use, eg 40000 or whatever. Then of course you could have a deliberate UID/GID collision if you want/need such a thing.

 

[ProtoSD]

These are some good references, though they probably won't answer all of your questions.


http://www.unix.com/man-page/freebsd/8/mount_nullfs/

http://www.freebsd.org/doc/handbook/jails-application.html

 

[paleoN]

Thanks for the links protosd. I have a much better understanding of the jail itself now. I think I might even read the other sections of chapter 16 later.

You're right that it didn't answer all of my questions though.;)

But then I imagine only the developers could do that assuming they have even decided yet.