From: hulk
Date: Mon, 23 Apr 2001 22:58:18 -0400
To: Jonathan Chen
Cc: questions
Subject: Re: problem??? in /etc/periodic/weekly/310.locate ???

Jonathan Chen wrote:
>
> On Mon, Apr 23, 2001 at 09:27:15PM -0400, hulk wrote:
>
> > I am logged in as root and direct execution of the periodic script
> > says "permission denied".
> > If "nobody" is added to the "wheel" group the script is directly
> > executable.
> > I therefore doubt that the script and/or su run{s} as you say. The
> > locate.database mod time
> > will be changed by the "touch" cmd but file will not be updated.
> >
> > Am I on the wrong track?
>
> Yup. The su-behaviour you describe for `nobody:wheel' is incorrect,
> easily provable on any fresh install of 4.X; root can su to anyone,
> wheel group constraints are only required to su to root.
>
> What I suspect is that one of the executables that is invoked by the
> script has got the wrong permissions on it; i.e. it's got o= instead of
> o=rx, that's why when you add nobody to the wheel group (which is a very
> bad security risk), you can run the 310.locate script.
>
> Check the permissions on /usr/libexec/locate.*. They should be
> root:wheel with permissions of 555. If these look good, you may have
> to do a `mtree' to clobber all your system permissions back into
> place.
> --
> Jonathan Chen
> ----------------------------------------------------------------------
> The Internet: an empirical test of the idea that a million monkeys
> banging on a million keyboards can produce Shakespeare

You're absolutely right. Fixed with mtree and /etc/mtree/BSD.root.dist.
Mystifying since I have not touched any of these files since installing
4.2-RELEASE on Jan 18.

Thank you for your help and perspicacity!!!

Al
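
The permission check suggested in the thread, as an added example that is not part of the original messages: it reports locate helpers that lack `o=rx`, are not mode 555, or are not owned as expected. The function names and output labels are made up for this example, and the walk over parent directories goes beyond the thread's advice, on the assumption that a directory without `o+x` produces the same "permission denied" for `nobody`.

```sh
#!/bin/sh
# Added example, not from the thread. Names and output labels are illustrative.

# has_perm PATH MODE: succeeds when every bit in MODE is set on PATH.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_helpers DIR OWNER GROUP
# Prints one "<finding> <path>" line per problem that would stop an
# unprivileged user (such as nobody) from running DIR/locate.* helpers.
audit_helpers() {
    dir=$1 owner=$2 group=$3

    # Every directory from DIR up to / needs search permission for "other".
    d=$dir
    while :; do
        has_perm "$d" 001 || echo "no-other-search $d"
        case $d in /|.) break ;; esac
        d=$(dirname "$d")
    done

    for f in "$dir"/locate.*; do
        [ -e "$f" ] || continue
        if ! has_perm "$f" 005; then
            echo "no-other-rx $f"          # the o= instead of o=rx case
        elif [ -z "$(find "$f" -prune -perm 555)" ]; then
            echo "mode-not-555 $f"
        fi
        [ -n "$(find "$f" -prune -user "$owner" -group "$group")" ] ||
            echo "wrong-owner $f"
    done
}

# Expected values from the thread: audit_helpers /usr/libexec root wheel
[ $# -eq 0 ] || audit_helpers "$@"
```

No output means every helper and every parent directory passed; any line printed names the path to fix before resorting to `mtree`.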