xref: /freebsd/usr.sbin/jexec/jexec.8 (revision 5cf705491727dd963485f9911ee3d52c3bf148db)

.\"
.\" Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd August 12, 2024
.Dt JEXEC 8
.Os
.Sh NAME
.Nm jexec
.Nd "execute a command inside an existing jail"
.Sh SYNOPSIS
.Nm
.Op Fl l
.Op Fl u Ar username | Fl U Ar username
.Ar jail Op Ar command ...
.Sh DESCRIPTION
The
.Nm
utility executes
.Ar command
inside the
.Ar jail
identified by its jid or name.
If
.Ar command
is not specified then the user's shell is used.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl l
Execute in a clean environment.
The environment is discarded except for
.Ev HOME , SHELL , TERM , USER ,
and anything from the login class capability database for the user.
.Ev PATH
is set to "/bin:/usr/bin".
If a user is specified (via
.Fl u
or
.Fl U ) ,
commands are run from that (possibly jailed) user's directory.
.It Fl u Ar username
The user name from host environment as whom the
.Ar command
should run.
This is the default.
.It Fl U Ar username
The user name from jailed environment as whom the
.Ar command
should run.
.El
.Sh EXAMPLES
.Ss Example 1 : Open a shell in a jail
The following command specifies a jail by its name and utilizes the current
user's shell:
.Pp
.Dl # jexec name
.Pp
It is also possible to specify a jail by its jid:
.Pp
.Dl # jexec JID
.Ss Example 2 : Run a single command without opening a shell
The following command runs
.Ql uname -a
in a jail called
.Dq name .
Since a command is specified explicitly,
.Nm
does not spawn an interactive shell.
Instead,
.Nm
executes the specified command directly.
.Pp
.Dl # jexec name uname -a
.Ss Example 3 : Open a shell in a jail with a clean environment
The following command opens a
.Xr sh 1
shell in a jail with a clean environment:
.Pp
.Dl # jexec -l name sh
.Ss Example 4 : Open a shell in a jail with the login command
The following command utilizes
.Xr login 1
to access the jail, submitting an audit record, and displaying the
user's last login, system copyright, and
.Xr motd 5
message:
.Pp
.Dl # jexec -l name login -f root
.Sh SEE ALSO
.Xr jail_attach 2 ,
.Xr jail 8 ,
.Xr jls 8
.Sh HISTORY
The
.Nm
utility was added in
.Fx 5.1 .
.Sh BUGS
If the jail is not identified by
.Ar jid
there is a possible race in between the lookup of the jail
and executing the command inside the jail.
Giving a
.Ar jid
has a similar race as another process can stop the jail and
start another one after the user looked up the
.Ar jid .