Date: Fri, 25 Jan 2013 14:48:19 +0100
From: "Ralf Mardorf" <ralf.mardorf@rocketmail.com>
To: "FreeBSD quest" <freebsd-questions@freebsd.org>
Subject: Re: Sharing a mail folder between Linux and FreeBSD
Message-ID: <op.wrgzatq7uwjkcr@freebsd>
In-Reply-To: <20130125133346.f1484ed8.freebsd@edvax.de>
References: <op.wrguj103uwjkcr@freebsd> <20130125133346.f1484ed8.freebsd@edvax.de>

Thank you all :) everything is ok now. I don't mark the thread as solved,
since I still didn't set up Evolution.

On Fri, 25 Jan 2013 13:33:46 +0100, Polytropon <freebsd@edvax.de> wrote:
>> $ ls -l `which su`
>> -r-sr-xr-x 1 rocketmouse wheel 16880 Dec 23 18:38 /usr/bin/su
>
> Erm... that looks horribly wrong.
>
> The permissions indicate that setuid is set, but the file
> owner is wrong. For comparison:
>
> -r-sr-xr-x 1 root wheel 14604 2011-08-21 20:24:28 /usr/bin/su*
>
> This program has to belong to root. It seems that your
> attempt to reflect UID changes in the file permissions
> exceeded the scope of this task: Programs of the OS
> seem to be affected, which is definitely not good.

IMO setuid alone already is a security risk.

>> $ ls -l /home/ | grep rocketmouse
>> drwxr-xr-x 28 rocketmouse rocketmouse 1536 Jan 25 12:17 rocketmouse
>
> You can use ls -ld to omit the grep step. :-)

$ ls -ld /home/rocketmouse
drwxr-xr-x 28 rocketmouse rocketmouse 1536 Jan 25 13:19 /home/rocketmouse

:)

I was sure that using grep is stupid and should have done a 'man ls',
since 'help' wasn't helpful. This issue and 'cat | grep' instead of grep
only are common mistakes by many Linux users. Thank you for the hint.

> I think you can now spot a possible mistake for the file owner
> change I mentioned above: Only files inside /home should have
> been in the initial scope, but somehow -uid 1001 has been
> evaluated true for /usr/bin/su, even though I cannot imagine
> what should have caused this.

In this case /home and /mnt/*, but I understand what you mean.

> Do you have other files in /usr or even /usr/local that do
> belong to rocketmouse (uid == 1000 or 1001) now? That should
> not have happened...

/usr/bin is ok
/usr/include is ok
/usr/include/* seem to be ok, I just checked some folders
/usr/lib and /usr/lib/* are ok
/usr/libdata and /usr/libdata/* are ok
/usr/libexec and /usr/libexec/*/* are ok
/usr/ports is ok
/usr/ports/* seem to be ok, I just checked some folders
/usr/sbin is ok
/usr/share is ok
/usr/share/* seem to be ok, I just checked some folders
/usr/src is ok
/usr/src/*/* seem to be ok, I just checked some folders
/usr/local is ok
/usr/local/bin and /usr/local/bin/* are ok
/usr/local/bootstrap* and [...]/* are ok
/usr/local/etc is ok
/usr/local/etc/* seem to be ok, at least PolicyKit and ConsoleKit are
/usr/local/include is ok
[snip]

All /usr/local/* are ok and all /usr/local/*/* seem to be ok.
Other directories in /usr and /usr/local are empty.

OT: /usr/lib32 and /usr/lib32/* belong to the empty folders in /usr.
So FreeBSD is multi arch capable? (since there's
/usr/ports/astro/google-earth for amd64, I suspect it is)

> Some programs check by whom they are called or who they
> belong to; if that's != root when it is _supposed_ to
> be root, that can cause problems, especially when it's
> not a simple x (execute), but s (setuid) program like
> an X display manager.

So I guess I only need to correct the owner for /usr/bin/su.

$ ls -l /usr/bin/su
-r-sr-xr-x 1 root wheel 16880 Dec 23 18:38 /usr/bin/su

I wonder if setting suid is needed, while the kit family is installed.
For sure it's possible to add a rule to some kit config.

Restart

PPPoE was enabled automagically :).

$ su
Password:
You have mail.
root@freebsd:/usr/home/rocketmouse #

:)

Ctrl + Alt + F* will switch to ttyv* and su does work too.

:)

So the switch to uid 1000 seems to be complete now, without any gaps.

On Fri, 25 Jan 2013 13:57:13 +0100, Erich Dollansky
<erichsfreebsdlist@alogt.com> wrote:
> Do not worry. This is the main advantage of FreeBSD over many other
> operating systems. The chances are very, very high that you will find
> help when needed.

For Linux it depends on the mailing list. It depends not only on the
traffic and kind of list, but also on the kind of people who are
subscribed.

Regards,
Ralf
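
The ownership check carried out by hand in this message, as an added example that is not part of the original e-mail: a report-only audit that lists setuid files not owned by root and anything in a system tree owned by the renumbered uids. The function names are hypothetical; the uids 1000 and 1001 and the /usr tree are the ones named in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit ownership after a uid change.
# Function names are hypothetical; nothing here modifies any file.

# List setuid files under DIR whose numeric owner is not EXPECTED_UID.
# A setuid-root program such as /usr/bin/su must be owned by uid 0; a hit
# means the s bit now runs the program with another account's identity.
setuid_not_owned_by() {
    dir=$1; expected_uid=$2
    find "$dir" -xdev -type f -perm -4000 ! -uid "$expected_uid" -print 2>/dev/null
}

# List everything under DIR owned by UID. After renumbering a user, a
# system tree such as /usr should return nothing for the old or new uid.
owned_by_uid() {
    dir=$1; uid=$2
    find "$dir" -xdev -uid "$uid" -print 2>/dev/null
}

# Report-only audit of one tree: prints findings, returns 1 on any drift.
# Usage: audit_tree DIR UID...
audit_tree() {
    tree=$1; shift
    status=0
    hits=$(setuid_not_owned_by "$tree" 0)
    if [ -n "$hits" ]; then
        printf 'setuid but not owned by root:\n%s\n' "$hits"
        status=1
    fi
    for u in "$@"; do
        hits=$(owned_by_uid "$tree" "$u")
        if [ -n "$hits" ]; then
            printf 'owned by uid %s:\n%s\n' "$u" "$hits"
            status=1
        fi
    done
    return $status
}

# Example call for the situation in this thread:
#   audit_tree /usr 1000 1001
```

Any path it prints is a candidate for the same owner correction that was applied to /usr/bin/su above.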