From: Dmitry Morozovsky
To: freebsd-stable@freebsd.org
Date: Thu, 16 Feb 2006 16:55:59 +0300 (MSK)
Subject: Re: RELENG_6 weird '..' permission troubles

Following myself:

On Thu, 16 Feb 2006, Dmitry Morozovsky wrote:

DM> Dear colleagues,
DM>
DM> I have mysterious permission troubles on rather fresh RELENG_6:
DM>
DM> from root everything's ok:

[snip]

DM> but from really unprivileged user:
DM>
DM> %id
DM> uid=1008(nata) gid=1008(nata) groups=1008(nata), 24(samba)
DM> %ls -la /usr
DM> ls: ..: Permission denied

DM> Any hints?

Actually, lower level mountpoints (e.g. /usr on / and so on) had permissions
0750 instead of 0755 or at least 0111.

To fix it (machine is headless) I had to make the following rc.d script
(rc.d/early.sh cannot be used because / is mounted ro at that time):

root@hamster:/etc# cat /etc/rc.d/earlyroot
#!/bin/sh
#
# $FreeBSD$
#

# REQUIRE: root
# BEFORE: mountcritlocal
# KEYWORD: nojail

if [ -r /etc/rc.earlyroot ]; then
        . /etc/rc.earlyroot
fi

and put

/sbin/chmod 0111 /usr /var /lh

in /etc/rc.earlyroot

Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
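
A check to pair with the fix described in the message above, as an added example that is not part of the original post: it reports directories whose mode lacks the world search (x) bit, which is the condition that produced "ls: ..: Permission denied". The function names are hypothetical, and it only sees the real mountpoint modes when run while those directories are still uncovered, for example from /etc/rc.earlyroot.

```sh
#!/bin/sh
# Added example: find mountpoint directories that unprivileged users cannot
# traverse. Must run before file systems are mounted on the listed
# directories; afterwards the modes seen belong to the mounted file
# systems' roots, not to the covered directories.

# other_search_ok DIR
# Returns 0 if "other" has search permission on DIR, 1 otherwise.
other_search_ok() {
    # Character 10 of the ls -ld mode string is the "other execute" slot:
    #   x = search allowed, t = search allowed plus sticky bit,
    #   - or T = search denied.
    perm=$(ls -ldL -- "$1" | cut -c10)
    case "$perm" in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_mountpoints DIR...
# Prints every DIR lacking world search permission, one per line.
# Returns 1 if at least one was found, 0 otherwise.
audit_mountpoints() {
    bad=0
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "skip: $d is not a directory" >&2
        elif ! other_search_ok "$d"; then
            echo "$d"
            bad=1
        fi
    done
    return "$bad"
}
```

Calling `audit_mountpoints /usr /var` at that early stage lists only the directories that still need a `chmod`, so the permission change can be limited to them.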