Subject: Re: Sharing a mail folder between Linux and FreeBSD
From: "Ralf Mardorf"
To: "FreeBSD quest"
Date: Fri, 25 Jan 2013 14:48:19 +0100

Thank you all :) everything is ok now. I don't mark the thread as solved, since I still didn't set up Evolution.

On Fri, 25 Jan 2013 13:33:46 +0100, Polytropon wrote:
>> $ ls -l `which su`
>> -r-sr-xr-x 1 rocketmouse wheel 16880 Dec 23 18:38 /usr/bin/su
>
> Erm... that looks horribly wrong.
>
> The permissions indicate that setuid is set, but the file
> owner is wrong. For comparison:
>
> -r-sr-xr-x 1 root wheel 14604 2011-08-21 20:24:28 /usr/bin/su*
>
> This program has to belong to root. It seems that your
> attempt to reflect UID changes in the file permissions
> exceeded the scope of this task: Programs of the OS
> seem to be affected, which is definitely not good.

IMO setuid alone already is a security risk.

>> $ ls -l /home/ | grep rocketmouse
>> drwxr-xr-x 28 rocketmouse rocketmouse 1536 Jan 25 12:17
>> rocketmouse
>
> You can use ls -ld to omit the grep step. :-)

$ ls -ld /home/rocketmouse
drwxr-xr-x 28 rocketmouse rocketmouse 1536 Jan 25 13:19 /home/rocketmouse

:) I was sure that using grep is stupid and should have done a 'man ls', since 'help' wasn't helpful. This issue and 'cat | grep' instead of grep only are common mistakes by many Linux users. Thank you for the hint.

> I think you can now spot a possible mistake for the file owner
> change I mentioned above: Only files inside /home should have
> been in the initial scope, but somehow -uid 1001 has been
> evaluated true for /usr/bin/su, even though I cannot imagine
> what should have caused this.

In this case /home and /mnt/*, but I understand what you mean.

> Do you have other files in /usr or even /usr/local that do
> belong to rocketmouse (uid == 1000 or 1001) now? That should
> not have happened...

/usr/bin is ok
/usr/include is ok
/usr/include/* seem to be ok, I just checked some folders
/usr/lib and /usr/lib/* are ok
/usr/libdata and /usr/libdata/* are ok
/usr/libexec and /usr/libexec/*/* are ok
/usr/ports is ok
/usr/ports/* seem to be ok, I just checked some folders
/usr/sbin is ok
/usr/share is ok
/usr/share/* seem to be ok, I just checked some folders
/usr/src is ok
/usr/src/*/* seem to be ok, I just checked some folders
/usr/local is ok
/usr/local/bin and /usr/local/bin/* are ok
/usr/local/bootstrap* and [...]/* are ok
/usr/local/etc is ok
/usr/local/etc/* seem to be ok, at least PolicyKit and ConsoleKit are
/usr/local/include is ok
[snip]

All /usr/local/* are ok and all /usr/local/*/* seem to be ok.
Other directories in /usr and /usr/local are empty.

OT: /usr/lib32 and /usr/lib32/* belong to the empty folders in /usr. So FreeBSD is multi arch capable? (since there's /usr/ports/astro/google-earth for amd64, I suspect it is)

> Some programs check by whom they are called or who they
> belong to; if that's != root when it is _supposed_ to
> be root, that can cause problems, especially when it's
> not a simple x (execute), but s (setuid) program like
> an X display manager.

So I guess I only need to correct the owner for /usr/bin/su.

$ ls -l /usr/bin/su
-r-sr-xr-x 1 root wheel 16880 Dec 23 18:38 /usr/bin/su

I wonder if setting suid is needed, while the kit family is installed. For sure it's possible to add a rule to some kit config.

Restart PPPoE was enabled automagically :).

$ su
Password:
You have mail.
root@freebsd:/usr/home/rocketmouse #

:) Ctrl + Alt + F* will switch to ttyv* and su does work too. :)

So the switch to uid 1000 seems to be complete now, without any gaps.

On Fri, 25 Jan 2013 13:57:13 +0100, Erich Dollansky wrote:
> Do not worry. This is the main advantage of FreeBSD over many other
> operating systems. The chances are very, very high that you will find
> help when needed.

For Linux it depends on the mailing list. It depends not only on the traffic and kind of list, but also on the kind of people who are subscribed.

Regards,
Ralf
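
Added example (not part of the original message or of any poster's own commands): the directory-by-directory check described in the thread can be done with two find(1) queries, one listing everything a given uid owns in a tree that was out of scope for the ownership change, and one listing setuid files whose owner is not root. The function names are hypothetical; the uid 1000 and /usr in the usage comment come from the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Uses only find(1) primaries available in both FreeBSD and GNU find.

# list_owned_by ROOT UID
#   Every path under ROOT owned by numeric UID, tagged SETUID when the
#   setuid bit is set and PLAIN otherwise. Run it on trees that were NOT
#   meant to be touched by the ownership change (e.g. /usr, uid 1000).
list_owned_by() {
    find "$1" -xdev -uid "$2" -perm -4000 -print | sed 's/^/SETUID /'
    find "$1" -xdev -uid "$2" ! -perm -4000 -print | sed 's/^/PLAIN /'
}

# setuid_not_owned_by ROOT [UID]
#   Setuid regular files under ROOT whose owner is not UID (default 0).
#   A hit is a file to review, such as the su binary in the thread.
setuid_not_owned_by() {
    find "$1" -xdev -type f -perm -4000 ! -uid "${2:-0}" -print
}

# Stand-alone use: ./audit.sh /usr 1000
if [ "$#" -eq 2 ]; then
    list_owned_by "$1" "$2"
    setuid_not_owned_by "$1" 0
fi
```

Empty output from both functions means no stray ownership was found in that tree; -xdev keeps the walk on one file system, so separately mounted trees need their own run.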