Date:      Tue, 24 Apr 2001 13:42:05 +1200
From:      Jonathan Chen <jonathan.chen@itouch.co.nz>
To:        hulk <hulk-baillie@home.com>
Cc:        questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: problem??? in /etc/periodic/weekly/310.locate ???
Message-ID:  <20010424134205.A4027@itouchnz.itouch>
In-Reply-To: <3AE4D673.25BA2162@home.com>; from hulk-baillie@home.com on Mon, Apr 23, 2001 at 09:27:15PM -0400
References:  <3AE4BEBF.728C627A@home.com> <20010424120640.A98872@itouchnz.itouch> <3AE4CCA2.B2FED509@home.com> <20010424124934.B99763@itouchnz.itouch> <3AE4D673.25BA2162@home.com>

On Mon, Apr 23, 2001 at 09:27:15PM -0400, hulk wrote:

> I am logged in as root and direct execution of the periodic script
> says "permission denied".
> If "nobody" is added to the "wheel" group the script is directly
> executable.
> I therefore doubt that the script and/or su run{s} as you say. The
> locate.database mod time
> will be changed by the "touch" cmd but the file will not be updated.
> 
> Am I on the wrong track?

Yup. The su-behaviour you describe for `nobody:wheel' is incorrect,
easily provable on any fresh install of 4.X; root can su to anyone,
wheel group constraints are only required to su to root.

What I suspect is that one of the executables that is invoked by the
script has got the wrong permissions on it; i.e. it's got o= instead of
o=rx, that's why when you add nobody to the wheel group (which is a very
bad security risk), you can run the 310.locate script.

Check the permissions on /usr/libexec/locate.*. They should be
root:wheel with permissions of 555. If these look good, you may have
to do a `mtree' to clobber all your system permissions back into
place.
-- 
Jonathan Chen <jonathan.chen@itouch.co.nz>
----------------------------------------------------------------------
    The Internet: an empirical test of the idea that a million monkeys
                banging on a million keyboards can produce Shakespeare
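
The permission check suggested in the message, as an added example that is not part of the original e-mail. `check_perms` is a hypothetical helper name; it parses `ls -ld` output (an assumption made so it also runs where stat(1) is unavailable) and flags files whose "other" bits lack r-x, the failure suspected above.

```shell
#!/bin/sh
# Added example (not from the original message): audit owner, group and mode
# by parsing `ls -ld`, so it also works where stat(1) is unavailable.

# check_perms WANT_MODE WANT_OWNER WANT_GROUP FILE...
#   WANT_MODE is the ls-style string: -r-xr-xr-x is mode 555.
#   Pass "-" for owner or group to skip that comparison.
# Prints one line per deviating file and returns the number of deviations.
check_perms() {
    want_mode=$1; want_owner=$2; want_group=$3
    shift 3
    bad=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            bad=$((bad + 1))
            continue
        fi
        # ls -ld fields: mode, link count, owner, group, ...
        read -r mode links owner group rest <<EOF
$(ls -ld "$f")
EOF
        mode=$(printf '%.10s' "$mode")   # drop any trailing ACL marker (+ or .)
        why=""
        if [ "$mode" != "$want_mode" ]; then
            why="mode=$mode (want $want_mode)"
            # The failure suspected in the message: no r-x for "other",
            # so an unprivileged user such as nobody cannot run the file.
            case $mode in
                ???????r?x) ;;
                *) why="$why other-lacks-rx" ;;
            esac
        fi
        if [ "$want_owner" != "-" ] && [ "$owner" != "$want_owner" ]; then
            why="$why owner=$owner (want $want_owner)"
        fi
        if [ "$want_group" != "-" ] && [ "$group" != "$want_group" ]; then
            why="$why group=$group (want $want_group)"
        fi
        if [ -n "$why" ]; then
            echo "BAD $f: $why"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run as: sh thisfile /usr/libexec/locate.*   (no arguments: nothing checked)
[ $# -eq 0 ] || check_perms -r-xr-xr-x root wheel "$@"
```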
