diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -788,7 +788,7 @@ setenv("HOME", pwd->pw_dir, 1); setenv("SHELL", *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); - if (clean && chdir(pwd->pw_dir) < 0) { + if (clean && username && chdir(pwd->pw_dir) < 0) { jail_warnx(j, "chdir %s: %s", pwd->pw_dir, strerror(errno)); exit(1); diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 24, 2024 +.Dd August 12, 2024 .Dt JAIL 8 .Os .Sh NAME @@ -873,8 +873,13 @@ is set to the target login. .Ev TERM is imported from the current environment. +.Ev PATH +is set to "/bin:/usr/bin". The environment variables from the login class capability database for the target login are also set. +If a user is specified (as with +.Va exec.jail_user ) , +commands are run from that (possibly jailed) user's directory. .It Va exec.jail_user The user to run commands as, when running in the jail environment. The default is to run the commands as the current user. diff --git a/usr.sbin/jexec/jexec.8 b/usr.sbin/jexec/jexec.8 --- a/usr.sbin/jexec/jexec.8 +++ b/usr.sbin/jexec/jexec.8 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 7, 2023 +.Dd August 12, 2024 .Dt JEXEC 8 .Os .Sh NAME @@ -55,6 +55,11 @@ and anything from the login class capability database for the user. .Ev PATH is set to "/bin:/usr/bin". +If a user is specified (via +.Fl u +or +.Fl U ) , +commands are run from that (possibly jailed) user's directory. .It Fl u Ar username The user name from host environment as whom the .Ar command diff --git a/usr.sbin/jexec/jexec.c b/usr.sbin/jexec/jexec.c --- a/usr.sbin/jexec/jexec.c +++ b/usr.sbin/jexec/jexec.c @@ -129,7 +129,7 @@ setenv("HOME", pwd->pw_dir, 1); setenv("SHELL", *pwd->pw_shell ? pwd->pw_shell : _PATH_BSHELL, 1); - if (clean && chdir(pwd->pw_dir) < 0) + if (clean && username && chdir(pwd->pw_dir) < 0) err(1, "chdir: %s", pwd->pw_dir); endpwent(); }