From: Wojciech Puchar
To: Erik Nørgaard
Cc: questions@freebsd.org
Date: Thu, 19 Jul 2012 10:12:05 +0200 (CEST)
Subject: Re: Help solving the sysadm's nightmare

> administrators had no idea what they were doing, so problems with a
> permission denied would be solved by chown -R 777 /whatever! Needless to say,

great. rm -rf /whatever would be even better!

> it's a mess, and of course everything is "critical" there is no room for
> interruption of service.
>
> Now, I have no idea which processes actually require access to those files,
> what privileges these processes run with and which files are actually
> executable or just plain files.

I can only help you with base system and ports permissions, and /var and /etc just look how it should be

> What I know is that lots of files are on samba shares and lots of files are
> used by uniface9 application, but I don't know much about uniface or if this
> is actually executed on the client or on the server.

look at samba config to check as what user directories are accessed. set it as such user and chmod 700 is enough.

> At this moment my project is to migrate servers with these permissions to new
> servers, but those who prepared the OS have maintained the permissions from
> the older version because it's easier than actually investigating or
> understanding what's going on and find a solution. *sigh*
>
> So, how can I
>
> - determine if files are actually unix executables or just plain files (or
> windows executables)?

man file

> - determine which users actually need read or write access to these files?

depends on software
lsof will not help you.
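
An added example, not part of the original message: a small audit script for the first question in the thread (which files under a blanket-777 tree are really Unix executables, Windows executables, or plain files). It classifies by leading magic bytes, a narrow stand-in for what file(1) reports; the function names, output format and sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a tree where everything was made mode 777.
# Content type is decided from the file's leading magic bytes, a narrow
# stand-in for what file(1) reports.

# classify FILE -> elf | script | windows-pe | data
classify() {
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;         # \177ELF: native Unix binary
        2321*)    echo script ;;      # "#!": interpreter script
        4d5a*)    echo windows-pe ;;  # "MZ": DOS/Windows executable
        *)        echo data ;;        # anything else: plain file
    esac
}

# audit DIR -> "<type> <world-writable|-> <mode> <path>" for every regular
# file that has any execute bit set. Paths containing newlines are not handled.
audit() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
    while IFS= read -r f; do
        perms=$(ls -ld "$f" | cut -c1-10)
        case "$perms" in
            ????????w?) ww=world-writable ;;
            *)          ww=- ;;
        esac
        printf '%s %s %s %s\n' "$(classify "$f")" "$ww" "$perms" "$f"
    done
}

# Constructed sample tree standing in for a share hit by a blanket chmod 777.
demo=$(mktemp -d)
printf '\177ELF\002\001\001' > "$demo/server"
printf '#!/bin/sh\necho ok\n' > "$demo/backup.sh"
printf 'MZ\220\003'           > "$demo/client.exe"
printf 'name,amount\n'        > "$demo/report.csv"
chmod 777 "$demo"/*
audit "$demo"
```

Rows typed `data` or `windows-pe` carry an execute bit that does nothing on the Unix host, so they are the first candidates for tightening once the owning user is known from the Samba configuration.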