Date: Fri, 5 Sep 2008 23:31:13 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Joshua Piccari <jpiccari@bblocked.org>
Cc: freebsd-hackers@freebsd.org
Subject: Re: Temp files in /etc
Message-ID: <20080906063113.GB77307@icarus.home.lan>
In-Reply-To: <15d3bc360809051940t70f0b884mb9a80132acc50b45@mail.gmail.com>
References: <15d3bc360809051940t70f0b884mb9a80132acc50b45@mail.gmail.com>

On Fri, Sep 05, 2008 at 07:40:13PM -0700, Joshua Piccari wrote:
> Hi all,
> I am setting up a few jails and I want them all to use the same /etc files
> (with the exception of the files related to the password files and
> databases), so I mounted a shared /etc folder as a nullfs with read-only
> permissions. The problem is that using utilities like pw or chpass create
> temporary files in /etc and that file system is mounted read-only.
> So is there a way to force any utilities that create temp files in /etc to
> use another location, something like /usr/local/etc for example?

I've had a chat with another user off-list about this, and the
conclusion reached is that your mounting of /etc read-only is a bad
idea, for many different reasons. Let's step through things slowly, so
that hopefully it'll make sense.

Foremost, /etc is mounted read-only, so what purpose does it serve to
be using passwd or group-editing utilities on that system? You'd need
r/w access to be able to accomplish that.

Secondly, utilities like vipw(8), chpass(1), pw(8), and many others all
create temporary files in /etc for security reasons: the temporary files
*must* be on the same filesystem. In your case, /etc is its own
filesystem, mounted read-only. So, placing the temporary files (e.g.
/etc/pw.XXXXXX when using vipw(8)) on a separate filesystem or separate
location is not plausible. Regarding the security implications, others
will have to chime in here.

Thirdly, some (but not all) of the utilities support command-line flags
that allow an alternative directory to /etc:

  pw(8)         -V flag
  vipw(8)       -d flag
  pwd_mkdb(8)   -d flag
  chpass(1)     no support
  passwd(1)     no support
  rmuser(8)     no support
  adduser(8)    no support

Fourthly, there are periodic(8) scripts which explicitly refer to
/etc/master.passwd and do not support an alternative directory. Those
scripts will break, and disabling them is not recommended.

Finally, some other caveats/situations which will likely arise:

- The administrator (you) will have to remember to use the above flags
  every time they use said utilities; chances are you'll forget,
  especially since the flags aren't all the same,

- A user of your jail may become very surprised when they find passwd,
  group, or other files missing from /etc,

- Third-party software which reads /etc/passwd or related files will
  fail since you'd be using an alternative /etc directory. I'm pretty
  sure we have some ports which use rmuser/adduser (meaning the software
  itself, not necessarily the port installation part).

Hope this sheds some light on things.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
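
The same-filesystem requirement mentioned in the message, as an added C illustration that is not part of the original e-mail and is not FreeBSD source code: a file is replaced by staging a temporary copy and rename(2)-ing it over the target, which is atomic only within one filesystem. The function name replace_file, its parameters and the scratch paths are hypothetical; only the pw.XXXXXX template name comes from the message.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Replace <dir>/<name> with data, staging the new copy in <tmpdir>.
 * Returns 0, or the errno of the failing step: EROFS when tmpdir is on a
 * read-only filesystem, EXDEV when tmpdir and dir are on different ones. */
int replace_file(const char *dir, const char *name,
                 const char *tmpdir, const char *data)
{
    char tmp[1024], dst[1024];
    size_t len = strlen(data);
    int fd, err;

    snprintf(tmp, sizeof tmp, "%s/pw.XXXXXX", tmpdir);
    snprintf(dst, sizeof dst, "%s/%s", dir, name);
    fd = mkstemp(tmp);          /* exclusive create, mode 0600 */
    if (fd < 0)
        return errno;
    errno = 0;
    if (write(fd, data, len) != (ssize_t)len || fsync(fd) != 0) {
        err = errno ? errno : EIO;
        close(fd);
        unlink(tmp);
        return err;
    }
    close(fd);
    /* Within one filesystem rename(2) swaps the name atomically: readers
     * see the old file or the new one, never a partial write. */
    if (rename(tmp, dst) != 0) {
        err = errno;
        unlink(tmp);
        return err;
    }
    return 0;
}

int main(void)
{
    char dir[] = "/tmp/etcdemo.XXXXXX";  /* constructed scratch directory */
    if (mkdtemp(dir) == NULL)
        return 1;
    int rc = replace_file(dir, "master.passwd", dir, "constructed:entry\n");
    printf("same directory: %s\n", rc ? strerror(rc) : "ok");
    return rc != 0;
}
```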