From owner-freebsd-ports@FreeBSD.ORG Sun May 19 18:56:42 2013 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 8A845178 for ; Sun, 19 May 2013 18:56:42 +0000 (UTC) (envelope-from rde@tavi.co.uk) Received: from kipling.tavi.co.uk (kipling.tavi.co.uk [81.187.145.130]) by mx1.freebsd.org (Postfix) with ESMTP id 42F543DF for ; Sun, 19 May 2013 18:56:42 +0000 (UTC) Received: from raksha.tavi.co.uk (raksha.tavi.co.uk [81.187.145.139]) by kipling.tavi.co.uk (Postfix) with ESMTP id A19FBC3F3A for ; Sun, 19 May 2013 19:56:39 +0100 (BST) Date: Sun, 19 May 2013 19:56:39 +0100 From: Bob Eager To: freebsd-ports@freebsd.org Subject: Re: Why does Samba requires 777 permissions on /tmp Message-ID: <20130519195639.79464471@raksha.tavi.co.uk> In-Reply-To: References: <20130519115232.49f52d01@scorpio> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.6; i386-portbld-freebsd9.1) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAMFBMVEUwXjFLc0vD0cS7y7zw9PDZ4tkWSRaVrZZ+m39qi2tXfVj////7+/utwK4IPggAOAAJUUA7AAABKklEQVQ4jWPYjQMwDFYJp0NKEKCNJmEf9h8CsimXiL2e33s3/e7F7K2Cs3f3dCMkQkMKj4YuCY3K3iR+e7fMaiSjvkX0/5cFGrWpe2uLzOpaExUVqMS/8PX/Re5ey960OLBTZpFA8+IlSBKPQ92zNyUUBsosN58uIY0k8f+/ONCoYytkVuhWzVwNkYiYbqk5M3NmOVBi41YZ8RsGF7shEtFb5KJ3r969CyixM7OTPeFUxG2IxLO8/9/SvqXlc+/x3h295YzLlj2nIRJQj//nRvc5TEIal8RsXBLVuCQwIgoq/u80DomP6HEOk/iOS+IJLonZOCT+ReOQ+Lkbh0QKLonbOCR+7MYhsRqHBJrVcIl/1TgklqKLQyQ+tGKIgyQOqXpjig94diZRAgAXmDX6jyWafAAAAABJRU5ErkJggg====== Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 May 2013 18:56:42 -0000 On Sun, 19 May 2013 13:34:49 -0500 sindrome wrote: > I'm not sure I understand your question. Portupgrade barks about > the /tmp directory being world writable. I pasted the exact errors > earlier in this thread. I looked in my path and can't find /tmp in > there and can't figure how to get rid of ruby complaining unless I > remove the writable permissions. When I do that my windows desktop > can't authenticate to my samba server. There has to be a root of > this problem to make them both work. Is there some other place > portupgrade is having /tmp amended on without it being in my $PATH? I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then haveing '.' in thge path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use: chmod 1777 /tmp it ought to all work.