From: Simon Wright
Date: Mon, 20 May 2013 23:58:21 +0200
To: freebsd-ports@freebsd.org
Subject: Re: Why does Samba requires 777 permissions on /tmp
List-Id: Porting software to FreeBSD

On 20/05/2013 15:38, Bob Eager wrote:
> On Mon, 20 May 2013 08:03:09 -0500
> sindrome wrote:
>
> What I think is happening is that portupgrade is building and running
> shell scripts in /tmp. It's running them with (in ruby):
>
> system('/tmp/script') [roughly]
>
> The ruby runtime is checking the *path-to-the-command* and THAT is what
> it's complaining about.
>
> Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world
> writable temporary directory.
>
> I have an older ports tree on this machine or I'd try it myself. I had
> to download the latest sources to check all this,

Trying to summarise what I've tested here with the results.

My PKG_TMPDIR and TMPDIR are set to /var/tmp:

pkgtools.conf:
ENV['TMPDIR'] ||= '/var/tmp'
ENV['PKG_TMPDIR'] ||= '/var/tmp'
ENV['PORTSDIR'] ||= '/usr/ports'
ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'

from /usr/local/etc/sudoers:
# Uncomment if needed to preserve environmental variables related to the
# FreeBSD pkg_* utilities and fetch.
Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"

[simon@vmserver04 ~]$ ls -ld /var/tmp
drwxrwxr-t 9 root wheel 33280 May 20 23:02 /var/tmp/

Note: /var/tmp is not world writeable

[simon@vmserver04 ~]$ echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/scripts:

root@vmserver04:/root # echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin

I run portupgrade via sudo but both $PATH's show no /tmp or .

[simon@vmserver04 ~]$ ruby -v
ruby 1.8.7 (2012-10-12 patchlevel 371) [amd64-freebsd9]

portupgrade-2.4.10.5_1,2 FreeBSD ports/packages administration and management tools

Other (not likely) relevant stuff:
- I have /usr/ports mounted rw with NFS
- I have the packages directory mounted rw with NFS and amd then redefine $PACKAGES to point to the mount point

This has been working for several years with no issues

[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
---> Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-22:56:25 -L /var/tmp/portupgrade/%s::%s.log
---> Session started at: Mon, 20 May 2013 22:56:26 +0200
** None has been installed or upgraded.
---> Saving the results to '/var/tmp/portupgrade.results_20130520-22:56:25'
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

Still the complaint about /tmp/

[simon@vmserver04 ~]$ sudo chmod 1775 /tmp
[simon@vmserver04 ~]$ ls -ld /tmp
drwxrwxr-t 9 root wheel 1024 May 20 23:16 /tmp/

[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
---> Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-23:16:07 -L /var/tmp/portupgrade/%s::%s.log
---> Session started at: Mon, 20 May 2013 23:16:07 +0200
** None has been installed or upgraded.
---> Saving the results to '/var/tmp/portupgrade.results_20130520-23:16:07'
---> Session ended at: Mon, 20 May 2013 23:16:08 +0200 (consumed 00:00:00)

No more complaint.

I can't read the portupgrade code well enough to see what it's doing with the script, but if Bob is right that Ruby is running the portupgrade commands from /tmp then the error is within the checks in Ruby which is saying the 777 permission on /tmp is not acceptable, 775 *is* acceptable. Which is strange since surely then everyone with 777 permissions on /tmp would be seeing this message?

Does this get us any further? Thanks for all the input, it is appreciated.

Cheers

Simon.
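
Added example, not part of the original message and not Ruby's or portupgrade's own code: a small Ruby audit in the spirit of the warning discussed above, which looks at the directory a command is launched from (or at each PATH entry when the command has no path) and reports the world-writable ones. The helper names and the scratch directories `tmp_1777` and `tmp_1775` are constructed for illustration.

```ruby
require 'tmpdir'

WORLD_WRITABLE = 0o002 # the "other: write" permission bit

# Directories that matter when a command is launched: the command's own
# directory if it is given with a path, otherwise every entry of PATH.
def candidate_dirs(command, path_env)
  return [File.dirname(File.expand_path(command))] if command.include?('/')
  path_env.split(File::PATH_SEPARATOR).reject(&:empty?)
end

# Returns [dir, mode] pairs for candidates that are world-writable
# directories; mode is printed as in the warning text (e.g. "041777").
def world_writable_dirs(command, path_env)
  candidate_dirs(command, path_env).uniq.each_with_object([]) do |dir, found|
    next unless File.directory?(dir)
    mode = File.stat(dir).mode
    found << [dir, format('0%o', mode)] if (mode & WORLD_WRITABLE) != 0
  end
end

# Constructed scenario mirroring the thread: one scratch directory with
# mode 1777 (like the default /tmp) and one with mode 1775 (after chmod).
def demo
  Dir.mktmpdir do |root|
    open_dir  = File.join(root, 'tmp_1777')
    tight_dir = File.join(root, 'tmp_1775')
    Dir.mkdir(open_dir)
    Dir.mkdir(tight_dir)
    File.chmod(0o1777, open_dir)
    File.chmod(0o1775, tight_dir)
    path_env = [tight_dir, open_dir].join(File::PATH_SEPARATOR)
    {
      script_in_1777: world_writable_dirs(File.join(open_dir, 'script'), ''),
      script_in_1775: world_writable_dirs(File.join(tight_dir, 'script'), ''),
      path_lookup:    world_writable_dirs('script', path_env)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |label, hits|
    hits.each { |dir, mode| puts "#{label}: world writable dir #{dir}, mode #{mode}" }
    puts "#{label}: no world-writable directory" if hits.empty?
  end
end
```

The explicit-path case shows why an empty or clean `$PATH` does not rule the finding out: the directory of a command given as `/tmp/script` is examined even though `/tmp` is not a PATH entry.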