From: Jeremy Chadwick
To: Joshua Piccari
Cc: freebsd-hackers@freebsd.org
Date: Fri, 5 Sep 2008 23:31:13 -0700
Subject: Re: Temp files in /etc
Message-ID: <20080906063113.GB77307@icarus.home.lan>
In-Reply-To: <15d3bc360809051940t70f0b884mb9a80132acc50b45@mail.gmail.com>
List-Id: Technical Discussions relating to FreeBSD (freebsd-hackers@freebsd.org)

On Fri, Sep 05, 2008 at 07:40:13PM -0700, Joshua Piccari wrote:
> Hi all,
> I am setting up a
> few jails and I want them all to use the same /etc files
> (with the exception of the files related to the password files and
> databases), so I mounted a shared /etc folder as a nullfs with read-only
> permissions. The problem is that using utilities like pw or chpass creates
> temporary files in /etc and that file system is mounted read-only.
> So is there a way to force any utilities that create temp files in /etc to
> use another location, something like /usr/local/etc for example?

I've had a chat with another user off-list about this, and the conclusion
reached is that your mounting of /etc read-only is a bad idea, for many
different reasons. Let's step through things slowly, so that hopefully it'll
make sense.

Foremost, /etc is mounted read-only, so what purpose does it serve to be
using passwd or group-editing utilities on that system? You'd need r/w
access to be able to accomplish that.

Secondly, utilities like vipw(8), chpass(1), pw(8), and many others all
create temporary files in /etc for security reasons: the temporary files
*must* be on the same filesystem. In your case, /etc is its own filesystem,
mounted read-only. So, placing the temporary files (e.g. /etc/pw.XXXXXX when
using vipw(8)) on a separate filesystem or separate location is not
plausible. Regarding the security implications, others will have to chime
in here.

Thirdly, some (but not all) of the utilities support command-line flags that
allow an alternative directory to /etc:

  pw(8)         -V flag
  vipw(8)       -d flag
  pwd_mkdb(8)   -d flag
  chpass(1)     no support
  passwd(1)     no support
  rmuser(8)     no support
  adduser(8)    no support

Fourthly, there are periodic(8) scripts which explicitly refer to
/etc/master.passwd and do not support an alternative directory. Those
scripts will break, and disabling them is not recommended.
Finally, some other caveats/situations which will likely arise:

- The administrator (you) will have to remember to use the above flags
  every time they use said utilities; chances are you'll forget,
  especially since the flags aren't all the same,
- A user of your jail may become very surprised when they find passwd,
  group, or other files missing from /etc,
- Third-party software which reads /etc/passwd or related files will fail
  since you'd be using an alternative /etc directory. I'm pretty sure we
  have some ports which use rmuser/adduser (meaning the software itself,
  not necessarily the port installation part).

Hope this sheds some light on things.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
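The "temporary files must be on the same filesystem" point in the reply above, as an added example that is not part of the thread and not FreeBSD's own code (vipw(8) and pw(8) are C programs built on libutil; this is a Python model of the same write-then-rename pattern). It assumes POSIX rename(2) semantics, uses a scratch directory standing in for a jail's /etc (the directory the -V/-d flags in the reply would select), and the master.passwd lines it writes are constructed samples. The temp file is created next to the target so that the final rename(2) is a single atomic step: rename across filesystems fails with EXDEV, and any copy-then-unlink fallback would leave a window in which the password file is absent or half-written. If the directory is read-only, mkstemp fails with EROFS, which is exactly the failure the original poster hit.

```python
"""Model of the vipw(8)/pw(8) safe-replace pattern (added example, not FreeBSD code).

Assumptions: POSIX rename(2) semantics; file and directory names are
illustrative, and the master.passwd lines below are constructed samples.
"""
import errno
import os
import tempfile


def write_passwd_atomically(content, etcdir="/etc", name="master.passwd"):
    """Replace etcdir/name by writing a temp file in the SAME directory,
    fsyncing it, then rename(2)-ing it over the target.

    rename(2) is atomic only within one filesystem (EXDEV otherwise), so the
    temp file must live in etcdir itself. A read-only etcdir makes mkstemp
    fail with EROFS, which is the situation described in the thread.
    """
    target = os.path.join(etcdir, name)
    # mkstemp creates the file 0600, so a half-written copy is never readable
    # by other users while it is being assembled.
    fd, tmp = tempfile.mkstemp(prefix=name + ".", dir=etcdir)
    try:
        with os.fdopen(fd, "w") as f:
            f.write(content)
            f.flush()
            os.fsync(f.fileno())   # data is on disk before the rename publishes it
        os.rename(tmp, target)     # atomic: readers see the old file or the new one
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)         # never leave a stray master.passwd.XXXXXX behind
        raise
    return target


def try_replace(content, etcdir):
    """Return 0 on success, otherwise the errno (ENOENT, EROFS, EACCES, ...)."""
    try:
        write_passwd_atomically(content, etcdir)
        return 0
    except OSError as e:
        return e.errno


def demo():
    """Run the pattern against a scratch directory standing in for a jail's
    /etc. Returns (final_content, files_left_in_dir, errno_for_missing_dir)."""
    etcdir = tempfile.mkdtemp(prefix="jail-etc.")
    old = "root:*:0:0::0:0:Charlie &:/root:/bin/sh\n"                     # constructed
    new = old + "jsmith:*:1001:1001::0:0:J. Smith:/home/jsmith:/bin/sh\n"  # constructed
    write_passwd_atomically(old, etcdir)
    write_passwd_atomically(new, etcdir)   # second write replaces the first in one step
    with open(os.path.join(etcdir, "master.passwd")) as f:
        final = f.read()
    leftovers = sorted(os.listdir(etcdir))  # only master.passwd: no temp file survives
    missing = try_replace(new, os.path.join(etcdir, "does-not-exist"))
    return final, leftovers, missing


if __name__ == "__main__":
    print(demo())
```

The real utilities also take a lock on the target (see pw_lock(3) in libutil) before doing this, so two administrators cannot race each other; that part is omitted here to keep the filesystem requirement in focus. Note that the `etcdir` argument plays the role of `pw -V dir` / `vipw -d dir`: pointing it at a writable directory works, but it only moves the whole set of password files, it does not let the temp file live somewhere other than beside its target.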