Date: Mon, 20 May 2013 23:58:21 +0200
From: Simon Wright <simon.wright@gmx.net>
To: freebsd-ports@freebsd.org
Subject: Re: Why does Samba requires 777 permissions on /tmp
Message-ID: <519A9C7D.3040101@gmx.net>
In-Reply-To: <20130520143853.79242743@raksha.tavi.co.uk>
References: <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com> <8661yedqyy.wl%poyopoyo@puripuri.plala.or.jp> <CAFzAeSe4YTdUiqcxSDUGDf6fQEeDK_sDVYym1hsck8fms8kJqA@mail.gmail.com> <20130520143853.79242743@raksha.tavi.co.uk>

On 20/05/2013 15:38, Bob Eager wrote:
> On Mon, 20 May 2013 08:03:09 -0500
> sindrome <sindrome@gmail.com> wrote:
>
> What I think is happening is that portupgrade is building and running
> shell scripts in /tmp. It's running them with (in ruby):
>
> system('/tmp/script') [roughly]
>
> The ruby runtime is checking the *path-to-the-command* and THAT is what
> it's complaining about.
>
> Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world
> writable temporary directory.
>
> I have an older ports tree on this machine or I'd try it myself. I had
> to download the latest sources to check all this,

Trying to summarise what I've tested here with the results.

My PKG_TMPDIR and TMPDIR are set to /var/tmp:

pkgtools.conf:
ENV['TMPDIR'] ||= '/var/tmp'
ENV['PKG_TMPDIR'] ||= '/var/tmp'
ENV['PORTSDIR'] ||= '/usr/ports'
ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'

from /usr/local/etc/sudoers:
# Uncomment if needed to preserve environmental variables related to the
# FreeBSD pkg_* utilities and fetch.
Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"

[simon@vmserver04 ~]$ ls -ld /var/tmp
drwxrwxr-t 9 root wheel 33280 May 20 23:02 /var/tmp/

Note: /var/tmp is not world writeable

[simon@vmserver04 ~]$ echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/scripts:

root@vmserver04:/root # echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin

I run portupgrade via sudo but both $PATH's show no /tmp or .

[simon@vmserver04 ~]$ ruby -v
ruby 1.8.7 (2012-10-12 patchlevel 371) [amd64-freebsd9]

portupgrade-2.4.10.5_1,2 FreeBSD ports/packages administration and management tools

Other (not likely) relevant stuff:
- I have /usr/ports mounted rw with NFS
- I have the packages directory mounted rw with NFS and amd then redefine $PACKAGES to point to the mount point

This has been working for several years with no issues

[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
---> Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-22:56:25 -L /var/tmp/portupgrade/%s::%s.log
---> Session started at: Mon, 20 May 2013 22:56:26 +0200
** None has been installed or upgraded.
---> Saving the results to '/var/tmp/portupgrade.results_20130520-22:56:25'
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

Still the complaint about /tmp/

[simon@vmserver04 ~]$ sudo chmod 1775 /tmp
[simon@vmserver04 ~]$ ls -ld /tmp
drwxrwxr-t 9 root wheel 1024 May 20 23:16 /tmp/

[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
---> Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-23:16:07 -L /var/tmp/portupgrade/%s::%s.log
---> Session started at: Mon, 20 May 2013 23:16:07 +0200
** None has been installed or upgraded.
---> Saving the results to '/var/tmp/portupgrade.results_20130520-23:16:07'
---> Session ended at: Mon, 20 May 2013 23:16:08 +0200 (consumed 00:00:00)

No more complaint.

I can't read the portupgrade code well enough to see what it's doing with the script, but if Bob is right that Ruby is running the portupgrade commands from /tmp then the error is within the checks in Ruby which is saying the 777 permission on /tmp is not acceptable, 775 *is* acceptable. Which is strange since surely then everyone with 777 permissions on /tmp would be seeing this message?

Does this get us any further? Thanks for all the input, it is appreciated.

Cheers

Simon.
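
An added example, not code from this thread, from portupgrade or from Ruby itself: a small Ruby audit that reports the mode of every PATH directory and of the directory holding a command, printed in the same octal form as the warning quoted above. The helper names path_dirs, audit_dirs and audit_command are assumptions of this example, and it only illustrates the kind of permission test involved rather than reproducing Ruby's internal check.

```ruby
require 'tmpdir'

S_IWOTH = 0o002   # write permission for "other"
S_ISVTX = 0o1000  # sticky bit

# Split a PATH-style string into absolute directory names.
def path_dirs(path_string)
  path_string.split(File::PATH_SEPARATOR).reject(&:empty?)
             .map { |d| File.expand_path(d) }
end

# Stat each directory and report its mode in the "0%o" form used by the
# warning, plus whether "other" may write to it and whether it is sticky.
def audit_dirs(dirs)
  dirs.uniq.map do |dir|
    begin
      st = File.stat(dir)
      next unless st.directory?
      { dir: dir,
        mode: format('0%o', st.mode),
        world_writable: (st.mode & S_IWOTH) != 0,
        sticky: (st.mode & S_ISVTX) != 0 }
    rescue SystemCallError
      nil # missing or unreadable entry: nothing to report
    end
  end.compact
end

# Directories relevant to one command: the PATH entries plus the directory
# that holds the command itself (the "path to the command").
def audit_command(command, path_string = ENV.fetch('PATH', ''))
  command_dir = File.dirname(File.expand_path(command))
  audit_dirs(path_dirs(path_string) + [command_dir])
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    # Constructed sample: scratch directories with the two modes from the thread.
    modes = { 'mode1777' => 0o1777, 'mode1775' => 0o1775 }
    dirs = modes.map do |name, mode|
      File.join(root, name).tap { |d| Dir.mkdir(d); File.chmod(mode, d) }
    end
    audit_command(File.join(dirs[0], 'script'), dirs[1]).each do |r|
      flag = r[:world_writable] ? 'world writable' : 'ok'
      puts "#{r[:mode]} #{r[:dir]} (#{flag}#{r[:sticky] ? ', sticky' : ''})"
    end
  end
end
```

Calling audit_command with the path of a script that is about to be executed lists the directories whose "other" write bit is set, which is the bit that differs between mode 1777 and mode 1775.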