From owner-freebsd-security@FreeBSD.ORG Sun Mar 30 11:12:53 2003
Message-Id: <200303301912.h2UJCq5b096227@dc.cis.okstate.edu>
To: freebsd-security@FreeBSD.ORG
Date: Sun, 30 Mar 2003 13:12:52 -0600
From: Martin McCormick
Subject: Re: How did I Break ssh?
List-Id: Security issues [members-only posting]

This is Martin McCormick again. I haven't yet fixed my problem with ssh not being able to write in my home directory, but I am hot on the trail. I have another question, but first I will tell all of you what I found out so anybody else who wants to try the same thing will know what to expect.

As I originally said, I started out with a minimal installation of FreeBSD and then extracted a tarball made from the root drive of another system to fill out the installation. My problem of not being able to get ssh to write new host keys into ~/.ssh/known_hosts was obviously a permission problem, but what could it be? I finally found that the symbolic link between /home and /usr/home on the two cloned systems had the mode of 755 or rwxr-xr-x.
Any link one normally makes has these permissions with the default umask controlling exactly what one gets. The man page for chmod says that the -H option lets you change the link's permissions, but I could never get it to work. The bits seem to stay the same no matter what. I discovered that I could delete the link, set my umask to 0 and remake it and I did get the right permissions which for the /home link are 777. This did not fix the problem, but I think there is probably another link I haven't noticed yet that is set wrong.

What I found out is that the extraction process did not restore any of the links whose bits were all 1's. On one FreeBSD system, I have over 700 rwxrwxrwx links. On the cloned system I am trying to fix, I found only 5 and those were ones I had manually reset.

My question is whether there is an easier way to set the bits on a link than deleting it, setting the umask to 0 and remaking it, of course, hoping that I don't botch the new link. :-) chmod -H 777 existing_link has no effect. Is there a proper way to do the tar extraction that faithfully preserves all the permissions?

This is a mess, but at least I know what is most likely wrong now.
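
The following is an added example, not part of the original message: a way to clone a tree with tar so that mode bits survive, and to list every object whose mode or owner differs between the source and the clone. The function names are made up for this sketch, and it assumes either GNU or BSD stat(1) is installed.

```sh
#!/bin/sh
# Added example (not from the original post): check that a tar clone kept
# ownership and mode bits. Function names are made up for this sketch.

# Copy tree $1 into existing directory $2. -p on extraction restores the
# recorded modes regardless of umask; run as root so owners are restored too.
clone_tree() {
    ( cd "$1" && tar -cf - . ) | ( cd "$2" && tar -xpf - )
}

# One line per object under $1, sorted by path: "mode owner:group path".
# Symlinks are listed by target, not mode: FreeBSD's symlink(7) says a link's
# access permissions are ignored, so only what it points at matters.
# (On FreeBSD, chmod -h changes a link's own mode; -H only applies with -R.)
manifest() {
    if stat -c '%a' / >/dev/null 2>&1; then
        m_flag=-c; m_fmt='%a %U:%G %n'        # GNU stat
    else
        m_flag=-f; m_fmt='%p %Su:%Sg %N'      # BSD stat
    fi
    ( cd "$1" && {
        find . ! -type l -exec stat "$m_flag" "$m_fmt" {} +
        find . -type l -exec sh -c 'for l do
            printf "link - %s -> %s\n" "$l" "$(readlink "$l")"; done' sh {} +
      } | LC_ALL=C sort -k3 )
}

# Print entries that differ between source $1 and clone $2; status 1 on drift.
drift() {
    d_a=$(mktemp); d_b=$(mktemp); d_rc=0
    manifest "$1" >"$d_a"; manifest "$2" >"$d_b"
    diff "$d_a" "$d_b" || d_rc=$?
    rm -f "$d_a" "$d_b"
    return "$d_rc"
}

# Usage: sh thisfile SOURCE_ROOT CLONE_ROOT
if [ "$#" -eq 2 ]; then drift "$1" "$2"; fi
```

Lines that drift prints for directories on the path to ~/.ssh are the ones to examine first, since those directories and the file itself decide whether known_hosts can be written.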