From: Randy Bush
Date: Fri, 19 Jan 2007 15:12:22 -0800
To: Bigby Findrake
Cc: freebsd-security@freebsd.org
Subject: Re: Permission denied by op

>>> i am invoking op from a python proggy which does an op.system() of
>>> op chmod 640 /usr/local/etc/tac_plus.conf
>>> i get "Permission denied by op"

>> btw, have tested with same invocation directly from /bin/sh. same
>> result. i.e. it is not the python environment.

>>> % ls -l /usr/local/etc/op.access
>>> -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access
>>> % cat /usr/local/etc/op.access
>>> # 2007.01.13
>>> #
>>> #DEFAULT users=src
>>> #
>>> chown /usr/sbin/chown $* ; users=src
>>> chmod /bin/chmod $* ; users=src
>>> rsync /usr/local/bin/rsync $* ; users=src
>>> #
>>> % id
>>> uid=1007(src) gid=1006(srctree) groups=1006(srctree)
>>> clue bat, please

> Let me recap, and you correct me when I'm wrong:
> * you're running as UID 1007.

yes

> * the file is owned by root.

not exactly, the file i am trying to modify is owned by tacacs

> * you're trying to chmod it and it's failing.

it is failing
  rsync of the new copy owned by me over the copy owned by tacacs
  chown of the target file to tacacs
  chmod of the target file to 640

> Is that the situation so far?

the situation now is that i ditched op and am using sudo

randy