From: "Joshua Piccari"
To: freebsd-hackers@freebsd.org
Date: Fri, 5 Sep 2008 23:49:33 -0700
Subject: Re: Temp files in /etc
Message-ID: <15d3bc360809052349t4e90e719tf82c5002a2d9e2d@mail.gmail.com>
In-Reply-To: <20080906063113.GB77307@icarus.home.lan>

On Fri, Sep 5, 2008 at 11:31 PM, Jeremy Chadwick wrote:

> On Fri, Sep 05, 2008 at 07:40:13PM -0700, Joshua Piccari wrote:
> > Hi all,
> > I am setting up a few jails and I want them all to use the same /etc files
> > (with the exception of the files related to the password files and
> > databases), so I mounted a shared /etc folder as a nullfs with read-only
> > permissions. The problem is that using utilities like pw or chpass create
> > temporary files in /etc and that file system is mounted read-only.
> > So is there a way to force any utilities that create temp files in /etc to
> > use another location, something like /usr/local/etc for example?
>
> I've had a chat with another user off-list about this, and the
> conclusion reached is that your mounting of /etc read-only is a bad
> idea, for many different reasons. Let's step through things slowly, so
> that hopefully it'll make sense.
>
> Foremost, /etc is mounted read-only, so what purpose does it serve to be
> using passwd or group-editing utilities on that system? You'd need r/w
> access to be able to accomplish that.
>
> Secondly, utilities like vipw(8), chpass(1), pw(8), and many others all
> create temporary files in /etc for security reasons: the temporary files
> *must* be on the same filesystem. In your case, /etc is its own
> filesystem, mounted read-only. So, placing the temporary files (e.g.
> /etc/pw.XXXXXX when using vipw(8)) on a separate filesystem or separate
> location is not plausible. Regarding the security implications, others
> will have to chime in here.
>
> Thirdly, some (but not all) of the utilities support command-line flags
> that allow an alternative directory to /etc:
>
>   pw(8)         -V flag
>   vipw(8)       -d flag
>   pwd_mkdb(8)   -d flag
>   chpass(1)     no support
>   passwd(1)     no support
>   rmuser(8)     no support
>   adduser(8)    no support
>
> Fourthly, there are periodic(8) scripts which explicitly refer to
> /etc/master.passwd and do not support an alternative directory. Those
> scripts will break, and disabling them is not recommended.
>
> Finally, some other caveats/situations which will likely arise:
>
> - The administrator (you) will have to remember to use the above flags
>   every time they use said utilities; chances are you'll forget,
>   especially since the flags aren't all the same,
> - A user of your jail may become very surprised when they find
>   passwd, group, or other files missing from /etc,
> - Third-party software which reads /etc/passwd or related files will
>   fail since you'd be using an alternative /etc directory. I'm
>   pretty sure we have some ports which use rmuser/adduser (meaning
>   the software itself, not necessarily the port installation part).
>
> Hope this sheds some light on things.
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>

Thanks so much Jeremy. You sure did give out lots of information.
Unfortunately none that I can really use. Let me explain my situation a
bit more.

I have a shared /etc folder that is mounted read-only to the different
jails that share it. Some of the configuration files which need to be
dynamic from jail to jail are replaced with symbolic links to the jail's
/usr/local/etc folder.
The reason for mounting /etc as read-only is to ensure that none of the
jails accidentally modify the configurations for all the jails sharing
these configurations. However, there is an issue with creating temp files
on a read-only system, which means I will have to work around this
somehow. I thought about setting the schg flag on all the files in the
shared /etc folder, but I don't want one jail to be able to add a rc.d
script for every jail.

Anyways, hope that helps clarify things.

Also, is there a way to just move the password files/databases to
/usr/local/etc instead? I vaguely remember something in one of the man
pages about alternate passwd/master.passwd locations, probably the flags
you noted above. I'll check that out more tomorrow after some good sleep. :)

~Joshua