From owner-freebsd-questions@FreeBSD.ORG Wed Aug 6 16:33:46 2008
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C3207106566B for ; Wed, 6 Aug 2008 16:33:46 +0000 (UTC) (envelope-from jalmberg@identry.com)
Received: from mx1.identry.com (on.identry.com [66.111.0.194]) by mx1.freebsd.org (Postfix) with ESMTP id 69F338FC21 for ; Wed, 6 Aug 2008 16:33:46 +0000 (UTC) (envelope-from jalmberg@identry.com)
Received: (qmail 23325 invoked by uid 89); 6 Aug 2008 16:33:45 -0000
Received: from unknown (HELO ?192.168.1.110?) (jalmberg@75.127.142.66) by mx1.identry.com with ESMTPA; 6 Aug 2008 16:33:45 -0000
In-Reply-To: <4899CEA9.6030209@FreeBSD.org>
References: <26259A11-0CE7-43FB-878C-1A989C1EB006@identry.com> <3A0AA7018522134597ED63B3B794C92A0284D829@STA-HQ-S001.starcomms.local> <3A0AA7018522134597ED63B3B794C92A028ECB61@STA-HQ-S001.starcomms.local> <8722E123-56D1-4CA0-8F57-DB0FB299EBD3@identry.com> <4899CEA9.6030209@FreeBSD.org>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <578DE0D9-C68B-4D57-93E8-9D517166EA9D@identry.com>
Content-Transfer-Encoding: 7bit
From: John Almberg
Date: Wed, 6 Aug 2008 12:33:43 -0400
To: glarkin@FreeBSD.org
X-Mailer: Apple Mail (2.752.3)
Cc: freebsd-questions@freebsd.org
Subject: Re: Controlling read access
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 06 Aug 2008 16:33:46 -0000

> | Now I have just one major league problem: when I logged in as one of the
> | users, to test the connections, I discovered that I had SUPER POWERS. I
> | was able to delete any file that I could see, including ones that were
> | owned by root. Digging uncovered the fact that pure-ftpd runs with root
> | privileges... not so good for my situation.
> |
> | My guess is I need to compile with the --with-privsep switch turned on...
> |
> | So, finally I have a real FreeBSD question!
> |
> | What is the proper way, in ports, to set a configuration flag? The only
> | way I could figure out was to add it to the Makefile.
> |
> | PRIVSEP "Enable privilege separation" on \
> |
> | If this is the correct way to turn this compile switch on, it doesn't
> | seem to work. After running:
> |
> | make deinstall
> | make config # checking the privilege separation box
> | make reinstall
> |
> | The logged-in user can still delete any file, regardless of permissions
> | or ownership. This is clearly a problem... I don't want my users to be
> | able to blow away their own websites while they are uploading some
> | images. I am still digging for info on this problem. Any thoughts, much
> | appreciated!
> |
> | -- John
> |
>
> Hi John,
>
> Try this sequence instead, and you should be all set:
>
> make deinstall
> make clean
> make config (skip this if you've already chosen the options you want)
> make install
>
> The clean target will make sure that your environment is reset back to a
> known state. The install target will then perform a fresh build and
> install with the privsep option enabled. If you already had binaries in
> your port directory, then the reinstall target installs them without
> rebuilding, as far as I can tell from reading /usr/ports/Mk/bsd.port.mk.
>

Hi Greg,

I tried your sequence, but it didn't seem to work. Or, perhaps it worked and the PRIVSEP option doesn't do what I expect it to.

Logging in as a normal user gives that user root privileges. This seems pretty scary to me. Not so bad, since the user is locked into his own directory, but enough power to hurt themselves, which is too much power, IMHO. My users aren't experts. I can definitely see them clicking the delete key by accident.

Back to digging for info...

Thanks: John
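Whether a privilege drop actually took effect after login can be read straight off the process table, without deleting a root-owned file to find out. The script below is an added example written for this page, not code from the thread or from pure-ftpd. It assumes `ps -axo uid,pid,ppid,command` style output, a process-title convention in which each session child carries the daemon's name as its first word, and it works on constructed sample rows (the pids, uids and `(user@host)` titles are made up). The listener is expected to be root, since it has to bind port 21; any child of that listener that is still uid 0 is the session that can unlink anything in the chroot.

```sh
#!/bin/sh
# Added example for this page, not part of the thread or of pure-ftpd.
# Flags session processes that are still running as root after login.
#
# ASSUMPTIONS: ps columns are "uid pid ppid command" and each daemon
# process has the daemon name as the first word of its command/title.
# The rows in SAMPLE_PS are constructed, not captured from a real host.

SAMPLE_PS='   0  1201     1 pure-ftpd (SERVER)
1001  1306  1201 pure-ftpd (alice@192.0.2.10)
   0  1307  1201 pure-ftpd (bob@192.0.2.11)
   0   812     1 /usr/sbin/sshd'

# root_sessions DAEMON < ps-output
# Prints "pid title" for every DAEMON process whose parent is itself a
# DAEMON process (i.e. a per-connection child of the listener) and whose
# uid is still 0. The listener itself is never flagged: its parent is init.
root_sessions() {
    daemon=$1
    awk -v d="$daemon" '
        $4 == d {
            n++; order[n] = $2          # remember input order for output
            uid[$2] = $1; ppid[$2] = $3
            title = $4                  # rebuild the command title from
            for (k = 5; k <= NF; k++)   # field 4 onward, whitespace collapsed
                title = title " " $k
            cmd[$2] = title
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                # child of another daemon process, and still uid 0
                if ((ppid[p] in uid) && uid[p] == "0")
                    print p, cmd[p]
            }
        }'
}

# Stand-alone run over the constructed sample; on a live FreeBSD host use:
#   ps -axo uid,pid,ppid,command | root_sessions pure-ftpd
printf '%s\n' "$SAMPLE_PS" | root_sessions pure-ftpd
```

Only bob's session is reported: alice's child switched to uid 1001, the listener is root by design, and sshd is a different daemon. A child that has accepted a connection but not yet authenticated has no user to drop to and would also show as root; the sample leaves such rows out, and on a live system they have to be told apart by whatever the daemon writes into its process title. On the ports side, `make showconfig` in the port directory prints the saved options, which confirms that PRIVSEP is recorded as on before the rebuild is attempted.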