Date: Sun, 19 May 2013 09:57:52 -0500 From: sindrome <sindrome@gmail.com> To: Chris Rees <utisoft@gmail.com> Cc: FreeBSD Mailing List <freebsd-ports@freebsd.org> Subject: Re: Why does Samba requires 777 permissions on /tmp Message-ID: <CAFzAeSd%2B7oubgZ%2BzSJnmfNPA9v1=T41c=VF0C-sbz=vhyVE_OA@mail.gmail.com> In-Reply-To: <CADLo83-pFi8E-Wdoyju7YxBmOR67Qr4OWmZA-2x8_Um1F2bwoQ@mail.gmail.com> References: <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com> <CADLo83-pFi8E-Wdoyju7YxBmOR67Qr4OWmZA-2x8_Um1F2bwoQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I checked everywhere (in .cshrc etc..) as well as "echo $PATH" and /tmp is not in there. I'm not sure where it's picking up /tmp in the path On Sun, May 19, 2013 at 2:36 AM, Chris Rees <utisoft@gmail.com> wrote: > > On 19 May 2013 00:34, "sindrome" <sindrome@gmail.com> wrote: > > > > I just found myself troubleshooting an issue where my desktop machine > > couldn't login to my local samba server unless I have the /tmp directory > > permissions set to 777. I'd like to have it 775 not only for security > > reasons but also because portupgrade always barks when the tmp directory > it > > set that way. Is there something that can be tweaked in smb.conf so > that I > > can authenticate without that? > > > > This was in the logs which led me to the root of the problem. > > [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service) chdir > > (/tmp) failed > > > > Once I changed it back to 777 the machine trust was working again. > > > > It seems that I could set the TMPDIR environmental variable to another > > directory but that's the very same variable that portupgrade uses so it > > would still have the same issue. > > > > These are the warnings that portupgrade gives if I keep the permissions > > that way. > > > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: > > Insecure world writable dir /tmp in PATH, mode 040777 > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: > > Insecure world writable dir /tmp in PATH, mode 040777 > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: > > Insecure world writable dir /tmp in PATH, mode 040777 > > > > Any thoughts on how I can make Samba not require 777 on /tmp? > > It is quite honestly an awful idea to have /tmp in your PATH. Remove it, > and the complaints will stop. > > Consider an attacker dropping a load of executables into /tmp, perhaps > called "portupgrad". You tab-complete as root, and run that instead.... > > Chris >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFzAeSd%2B7oubgZ%2BzSJnmfNPA9v1=T41c=VF0C-sbz=vhyVE_OA>