From: "William A. Mahaffey III"
Date: Sun, 03 Aug 2014 08:01:23 -0500
To: "FreeBSD Questions !!!!"
Subject: Re: permission problems w/ ordinary user ....

On 08/02/14 19:01, Polytropon wrote:
> On Sat, 02 Aug 2014 18:56:29 -0500, William A. Mahaffey III wrote:
>> On 08/02/14 18:40, Polytropon wrote:
>>> On Sat, 02 Aug 2014 18:28:47 -0500, William A. Mahaffey III wrote:
>>>> ....
>>>> I have been trying to setup the regular user (me, non-root) on my
>>>> newly minted FreeBSD 9.3 box. I tried su-ing from tooy & ssh-ing in as
>>>> me from another box, both give weird results, see the following from my
>>>> syslog:
>>>>
>>>> [...]
>>>> Aug 2 18:23:01 kabini1 sshd[1252]: _secure_path: cannot stat
>>>> /home/wam/.login_conf: Permission denied
>>>>
>>>>
>>>> also, the home-directory keeps getting the 'x' permission bit set to off
>>>> by .... something ....
>>> I think you have described the reason for the problem:
>>> The x attribute for a directory means "enter and search"
>>> and should be _set_ for the user. If it's not, the user
>>> cannot enter his own home directory or access files
>>> within it. In this case, /home/wam/.login_conf cannot
>>> be read which seems to be necessary for the login
>>> process.
>>>
>>> You need to find that "something" that created or altered
>>> /home/wam with the x attribute off. Login as root and
>>> correct the setting manually, so you should be able to
>>> login afterwards.
>>>
>>> This is how the resulting "ls -l /home" output should
>>> look for your user:
>>>
>>> drwx------ [...] wam wam [...] wam/
>>>    ^
>>>
>>> (This is minimum permissions; drwxrwxr-x or drwxr-x---
>>> are other common examples.)
>>>
>>> How did you introduce the user to the system? Did you
>>> use "adduser" or "pw add"?
>> I used useradd as root, & the permissions were set correctly to begin
>> with.
> Okay, so a "problem upon initiation" does not occur.
>
>
>
>> I suspect that the failed logins are triggering the reset, but w/
>> little proof ....
> This is _very_ strange. Do you have anything in your login
> scripts, like ~/.cshrc (or ~/.tcshrc), ~/.login or ~/.profile
> that looks "offending"?

Nothing I can see .... I am setting aliases & the like, but nothing fancy ////

>
>
>
>> I have reset the perms as root several times during
>> this exercise, & they keep getting unset after the login failure ....
> I'm not sure what part of the system could trigger that behaviour,
> it just sounds totally wrong...
>
> However, you could run truss on a login attempt to see what
> the process does (invisibly), calling /bin/chmod via execve()
> or by chmod() or popen().

I eventually noticed that the default ~/.login_conf had an entry, commented out. I uncommented it, reset the perms, logged in & out several times, & everything went AOK. Noob observation: that entry should be uncommented from the factory :-) ....

-- 
William A. Mahaffey III
----------------------------------------------------------------------
"The M1 Garand is without doubt the finest implement of war ever devised by man."
-- Gen. George S. Patton Jr.
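
Added example, not part of the original thread: a POSIX shell check for the condition Polytropon describes, a home directory whose owner lacks the search (x) bit. The function names, the `NOSEARCH` output format and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Finds home directories whose owner
# lacks the search (x) bit, the state that makes login fail with
# "_secure_path: cannot stat ~/.login_conf: Permission denied".

# owner_bits DIR: print the owner's permission triad from `ls -ld`, e.g. "rw-".
# The mode string is parsed instead of trying to enter DIR, because root
# bypasses permission checks and would never see the failure.
owner_bits() {
    ls -ld -- "$1" | cut -c2-4
}

# home_searchable DIR: succeed if the owner can enter and search DIR.
home_searchable() {
    case "$(owner_bits "$1")" in
        ??x|??s) return 0 ;;   # "s" is x shown together with setuid
        *)       return 1 ;;
    esac
}

# audit_passwd FILE: FILE is in passwd(5) format
# (name:pw:uid:gid:gecos:home:shell).
# Prints "NOSEARCH user home owner=bits" for each bad home directory and
# returns 1 if any was found, 0 otherwise.
audit_passwd() {
    bad=0
    while IFS=: read -r name _pw _uid _gid _gecos home _shell; do
        [ -d "$home" ] || continue      # skips comments and missing homes
        if ! home_searchable "$home"; then
            echo "NOSEARCH $name $home owner=$(owner_bits "$home")"
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# Usage (script name is hypothetical): sh check_homes.sh /etc/passwd
if [ "$#" -gt 0 ]; then
    audit_passwd "$1"
fi
```

Running it from cron and alerting on any `NOSEARCH` line shows when the bit gets cleared, which narrows down what the "something" resetting it is.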