Date: Thu, 16 Feb 2006 16:55:59 +0300 (MSK)
From: Dmitry Morozovsky <marck@rinet.ru>
To: freebsd-stable@freebsd.org
Subject: Re: RELENG_6 weird '..' permission troubles
Message-ID: <20060216165258.Q91053@woozle.rinet.ru>
In-Reply-To: <20060216161726.M91053@woozle.rinet.ru>
References: <20060216161726.M91053@woozle.rinet.ru>
Following myself:
On Thu, 16 Feb 2006, Dmitry Morozovsky wrote:
DM> Dear colleagues,
DM> 
DM> I have mysterious permission troubles on rather fresh RELENG_6:
DM> 
DM> from root everything's ok:
[snip]
DM> but from really unprivileged user:
DM> 
DM> %id
DM> uid=1008(nata) gid=1008(nata) groups=1008(nata), 24(samba)
DM> %ls -la /usr
DM> ls: ..: Permission denied
DM> Any hints? 
Actually, lower level mountpoints (e.g. /usr on / and so on) had 
permissions 0750 instead of 0755 or at least 0111. To fix it (machine is 
headless) I had to make the following rc.d script (rc.d/early.sh cannot be used 
because / is mounted ro at that time):
root@hamster:/etc# cat /etc/rc.d/earlyroot 
#!/bin/sh
#
# $FreeBSD$
#
# REQUIRE: root
# BEFORE: mountcritlocal
# KEYWORD: nojail
if [ -r /etc/rc.earlyroot ]; then
        . /etc/rc.earlyroot
fi
and put
/sbin/chmod 0111 /usr /var /lh
in /etc/rc.earlyroot
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
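
A check for the condition described in this message, as an added example that is not part of the original post: it reports directories whose mode lacks the search bit for other users. The function names and the scratch directories are assumptions for illustration; on a real system the check has to see the mountpoint directories themselves, before filesystems are mounted over them, which is why the message hooks in before mountcritlocal.

```sh
#!/bin/sh
# Added example, not from the original message: flag directories whose mode
# lacks the search (x) bit for "other" users, the condition fixed above.
# Function names and the scratch directories are assumptions.

# other_can_search DIR: succeeds if the o+x bit is set on DIR.
other_can_search() {
    # ls -ld prints the mode string first (e.g. drwxr-x---); char 10 is o+x.
    bit=$(ls -ld "$1" 2>/dev/null | cut -c10)
    case "$bit" in
        x|t) return 0 ;;    # t = sticky bit with search permission
        *)   return 1 ;;    # - or T (or unreadable): no search for others
    esac
}

# audit_mountpoints DIR...: prints each directory without o+x and returns
# how many were found (0 means all are fine).
audit_mountpoints() {
    bad=0
    for d in "$@"; do
        [ -d "$d" ] || continue
        if ! other_can_search "$d"; then
            echo "no search bit for others: $d ($(ls -ld "$d" | cut -c1-10))"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: scratch directories carrying the modes named in the message.
demo=$(mktemp -d "${TMPDIR:-/tmp}/mp.XXXXXX")
mkdir "$demo/usr" "$demo/var" "$demo/lh"
chmod 0750 "$demo/usr"; chmod 0755 "$demo/var"; chmod 0111 "$demo/lh"
audit_mountpoints "$demo/usr" "$demo/var" "$demo/lh" || echo "$? directory to fix"
chmod 0755 "$demo/usr" "$demo/lh"; rm -rf "$demo"
```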
