From: Erich Dollansky
To: sindrome
Cc: Bob Eager, freebsd-ports@freebsd.org
Date: Sun, 19 May 2013 09:56:14 +0700
Subject: Re: Why does Samba requires 777 permissions on /tmp

Hi,

On Sat, 18 May 2013 19:52:19 -0500
sindrome wrote:

> Thanks for that tip. I was hoping that was the root of it but upon
> looking at my path, I don't have /tmp in there. I used to have the
> sticky bit set on there. I just re-set it but portupgrade still keeps
> barking because it's world writable. It seems that the conflict is
> Samba needs it to be world writable and portupgrade hates it.
>
this is all really weird. /tmp is meant to be written by everyone on
the machine. The elements inside /tmp can then have any other settings.

Your problem must be caused by something else. At least, I cannot
remember ever having seen /tmp with a different setting than 0777.

Erich

>
> On Sat, May 18, 2013 at 6:46 PM, Bob Eager wrote:
>
> > On Sat, 18 May 2013 18:34:47 -0500
> > sindrome wrote:
> >
> > > I just found myself troubleshooting an issue where my desktop
> > > machine couldn't login to my local samba server unless I have
> > > the /tmp directory permissions set to 777. I'd like to have it
> > > 775 not only for security reasons but also because portupgrade
> > > always barks when the tmp directory is set that way. Is there
> > > something that can be tweaked in smb.conf so that I can
> > > authenticate without that?
> > >
> > > This was in the logs which led me to the root of the problem.
> > > [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service)
> > > chdir (/tmp) failed
> > >
> > > Once I changed it back to 777 the machine trust was working again.
> > >
> > > It seems that I could set the TMPDIR environmental variable to
> > > another directory but that's the very same variable that
> > > portupgrade uses so it would still have the same issue.
> > >
> > > These are the warnings that portupgrade gives if I keep the
> > > permissions that way.
> > >
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483:
> > > warning: Insecure world writable dir /tmp in PATH, mode 040777
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170:
> > > warning: Insecure world writable dir /tmp in PATH, mode 040777
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108:
> > > warning: Insecure world writable dir /tmp in PATH, mode 040777
> > >
> > > Any thoughts on how I can make Samba not require 777 on /tmp?
> >
> > The correct mode for /tmp is probably 1777 anyway. That allows
> > anyone to create files there, but only they can manipulate them.
> > See sticky(7).
> >
> > The implication of the error messages from portupgrade is that /tmp
> > is in your PATH, which is pretty unusual. Check your .profile,
> > login, .cshrc etc. and remove /tmp from any path settings. This is
> > indeed a security risk!
> >
> > Do that, portupgrade will stop complaining, and the correct 1777 (or
> > 777) setting will keep samba happy.
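
Added example, not part of the thread and not code from portupgrade or Samba: a POSIX sh audit of a PATH string for the condition the warning names. It goes beyond the thread by also checking each entry's parent directories, on the assumption that a world-writable parent without the sticky bit lets another user replace the entry; the function names and output format are made up for this example.

```shell
#!/bin/sh
# Added example: audit a PATH string for world-writable directories.

# is_world_writable DIR -> exit 0 if "other" has write permission (0002)
is_world_writable() {
    [ -n "$(find -H "$1" -prune -type d -perm -0002 2>/dev/null)" ]
}

# has_sticky DIR -> exit 0 if the sticky bit (1000) is set, as in mode 1777
has_sticky() {
    [ -n "$(find -H "$1" -prune -type d -perm -1000 2>/dev/null)" ]
}

# audit_path PATHSTRING -> one finding per line: "<kind> <dir> <entry>"
#   entry   the PATH entry itself is world-writable (sticky or not):
#           any user can place an executable in it
#   parent  a parent directory is world-writable without the sticky bit:
#           any user can rename the entry away and substitute another
audit_path() {
    old_ifs=$IFS
    IFS=:
    set -f                          # no globbing while splitting on ':'
    for entry in $1; do
        entry=${entry:-.}           # an empty entry means the current directory
        [ -d "$entry" ] || continue
        if is_world_writable "$entry"; then
            echo "entry $entry $entry"
        fi
        dir=$entry
        while [ "$dir" != / ] && [ "$dir" != . ]; do
            dir=$(dirname "$dir")
            if is_world_writable "$dir" && ! has_sticky "$dir"; then
                echo "parent $dir $entry"
            fi
        done
    done
    set +f
    IFS=$old_ifs
}

# Audit the PATH of the current shell.
audit_path "$PATH"
```

A /tmp with mode 1777 that is only a parent of some PATH entry produces no finding; /tmp listed as a PATH entry itself is reported with either mode.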