Date: Fri, 5 Sep 2008 23:49:33 -0700
From: "Joshua Piccari" <jpiccari@bblocked.org>
To: freebsd-hackers@freebsd.org
Subject: Re: Temp files in /etc
Message-ID: <15d3bc360809052349t4e90e719tf82c5002a2d9e2d@mail.gmail.com>
In-Reply-To: <20080906063113.GB77307@icarus.home.lan>
References: <15d3bc360809051940t70f0b884mb9a80132acc50b45@mail.gmail.com> <20080906063113.GB77307@icarus.home.lan>

On Fri, Sep 5, 2008 at 11:31 PM, Jeremy Chadwick <koitsu@freebsd.org> wrote:

> On Fri, Sep 05, 2008 at 07:40:13PM -0700, Joshua Piccari wrote:
> > Hi all,
> > I am setting up a few jails and I want them all to use the same /etc files
> > (with the exception of the files related to the password files and
> > databases), so I mounted a shared /etc folder as a nullfs with read-only
> > permissions. The problem is that using utilities like pw or chpass create
> > temporary files in /etc and that file system is mounted read-only.
> > So is there a way to force any utilities that create temp files in /etc to
> > use another location, something like /usr/local/etc for example?
>
> I've had a chat with another user off-list about this, and the
> conclusion reached is that your mounting of /etc read-only is a bad
> idea, for many different reasons. Let's step through things slowly, so
> that hopefully it'll make sense.
>
> Foremost, /etc is mounted read-only, so what purpose does it serve to be
> using passwd or group-editing utilities on that system? You'd need r/w
> access to be able to accomplish that.
>
> Secondly, utilities like vipw(8), chpass(1), pw(8), and many others all
> create temporary files in /etc for security reasons: the temporary files
> *must* be on the same filesystem. In your case, /etc is its own
> filesystem, mounted read-only. So, placing the temporary files (e.g.
> /etc/pw.XXXXXX when using vipw(8)) on a separate filesystem or separate
> location is not plausible. Regarding the security implications, others
> will have to chime in here.
>
> Thirdly, some (but not all) of the utilities support command-line flags
> that allow an alternative directory to /etc:
>
> pw(8)        -V flag
> vipw(8)      -d flag
> pwd_mkdb(8)  -d flag
> chpass(1)    no support
> passwd(1)    no support
> rmuser(8)    no support
> adduser(8)   no support
>
> Fourthly, there are periodic(8) scripts which explicitly refer to
> /etc/master.passwd and do not support an alternative directory. Those
> scripts will break, and disabling them is not recommended.
>
> Finally, some other caveats/situations which will likely arise:
>
> - The administrator (you) will have to remember to use the above flags
>   every time they use said utilities; chances are you'll forget,
>   especially since the flags aren't all the same,
> - A user of your jail may become very surprised when they find
>   passwd, group, or other files missing from /etc,
> - Third-party software which reads /etc/passwd or related files will
>   fail since you'd be using an alternative /etc directory. I'm
>   pretty sure we have some ports which use rmuser/adduser (meaning
>   the software itself, not necessarily the port installation part).
>
> Hope this sheds some light on things.
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>

Thanks so much Jeremy. You sure did give out lots of information.
Unfortunately none that I can really use. Let me explain my situation a
bit more.

I have a shared /etc folder that is mounted read-only to the different
jails that share it. Some of the configuration files which need to be
dynamic from jail to jail are replaced with symbolic links to the jail's
/usr/local/etc folder. The reason for mounting /etc as read-only is to
ensure that none of the jails accidentally modify the configurations for
all the jails sharing these configurations. However, there is an issue
with creating temp files on a read-only system, which means I will have
to work around this somehow. I thought about setting the schg flag on all
the files in the shared /etc folder, but I don't want one jail to be able
to add an rc.d script for every jail. Anyways, hope that helps clarify
things.

Also, is there a way to just move the password files/databases to
/usr/local/etc instead? I vaguely remember something in one of the man
pages about alternate passwd/master.passwd locations, probably the flags
you noted above. I'll check that out more tomorrow after some good
sleep. :)

~Joshua
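
Added example, not part of the original message and not FreeBSD's own code: the general write-temp-then-rename(2) update pattern, which is the usual reason a tool keeps its temp file beside the file it replaces, as in the "must be on the same filesystem" point quoted above. The names atomic_replace and demo, the etcdir parameter and the scratch directory are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write etcdir/name via a temp file in the SAME directory, then rename(2).
 * rename() is atomic only within one filesystem (EXDEV otherwise), so a
 * reader sees the old file or the new one. Returns 0, or -1 with errno set. */
int atomic_replace(const char *etcdir, const char *name, const char *data, size_t len)
{
    char tmp[PATH_MAX], dst[PATH_MAX];
    int fd, ok, saved = 0;

    if (snprintf(tmp, sizeof(tmp), "%s/pw.XXXXXX", etcdir) >= (int)sizeof(tmp) ||
        snprintf(dst, sizeof(dst), "%s/%s", etcdir, name) >= (int)sizeof(dst)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* Exclusive create, mode 0600. With etcdir on a read-only mount this is
     * the call that fails (EROFS): the directory itself must be writable. */
    if ((fd = mkstemp(tmp)) == -1)
        return -1;
    errno = EIO;                          /* reported if write() comes up short */
    ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0;
    if (!ok) saved = errno;
    if (close(fd) == -1 && ok) { saved = errno; ok = 0; }
    if (ok && rename(tmp, dst) == -1) { saved = errno; ok = 0; }
    if (ok) return 0;
    unlink(tmp);                          /* leave no stray temp file behind */
    errno = saved;
    return -1;
}

/* Constructed demo in a scratch directory: returns 0 if the second update won. */
int demo(void)
{
    char dir[] = "/tmp/etcdemo.XXXXXX", path[PATH_MAX], buf[8] = "";
    FILE *f;
    if (!mkdtemp(dir) || atomic_replace(dir, "master.passwd", "old\n", 4) ||
        atomic_replace(dir, "master.passwd", "new\n", 4)) return -1;
    snprintf(path, sizeof(path), "%s/master.passwd", dir);
    if ((f = fopen(path, "r"))) { if (!fgets(buf, sizeof(buf), f)) buf[0] = '\0'; fclose(f); }
    unlink(path); rmdir(dir);
    return strcmp(buf, "new\n") == 0 ? 0 : -1;
}
int main(void) { return demo() ? 1 : 0; }
```

The replaced file ends up with mkstemp's 0600 mode; a tool that updates files with other permissions has to restore owner and mode on the temp file before the rename.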