From owner-freebsd-security@FreeBSD.ORG  Sat Jan 13 18:31:08 2007
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B375F16A40F
	for <freebsd-security@freebsd.org>;
	Sat, 13 Jan 2007 18:31:08 +0000 (UTC) (envelope-from randy@psg.com)
Received: from rip.psg.com (rip.psg.com [147.28.0.39])
	by mx1.freebsd.org (Postfix) with ESMTP id 9C29613C465
	for <freebsd-security@freebsd.org>;
	Sat, 13 Jan 2007 18:31:08 +0000 (UTC) (envelope-from randy@psg.com)
Received: from localhost ([127.0.0.1] helo=roam.psg.com)
	by rip.psg.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63 (FreeBSD)) (envelope-from <randy@psg.com>)
	id 1H5nel-000CcK-Sb
	for freebsd-security@freebsd.org; Sat, 13 Jan 2007 18:31:08 +0000
Received: from localhost ([127.0.0.1] helo=roam.psg.com)
	by roam.psg.com with esmtp (Exim 4.63 (FreeBSD))
	(envelope-from <randy@psg.com>) id 1H5nd1-000389-As
	for freebsd-security@freebsd.org; Sat, 13 Jan 2007 08:29:19 -1000
From: Randy Bush <randy@psg.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <17833.9470.515735.802136@roam.psg.com>
Date: Sat, 13 Jan 2007 08:29:18 -1000
To: freebsd-security@freebsd.org
References: <17832.37104.392873.671721@roam.psg.com>
Subject: Re: Permission denied by op
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jan 2007 18:31:08 -0000

> i am invoking op from a python proggy which does an op.system() of
>    op chmod 640 /usr/local/etc/tac_plus.conf
> i get "Permission denied by op" 

btw, have tested with same invocation directly from /bin/sh.  same
result.  i.e. it is not the python environment.

> % ls -l /usr/local/etc/op.access
> -r--------  1 root  wheel  149 Jan 13 07:41 /usr/local/etc/op.access
> 
> % cat /usr/local/etc/op.access
> # 2007.01.13
> #
> #DEFAULT users=src
> #
> chown   /usr/sbin/chown $* ; users=src
> chmod   /bin/chmod $* ; users=src
> rsync   /usr/local/bin/rsync $* ; users=src
> #
> 
> % id
> uid=1007(src) gid=1006(srctree) groups=1006(srctree)
> 
> clue bat, please
> 
> randy