Date: Tue, 1 Nov 2005 19:14:40 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Cerion Armour-Brown <cerion@terpsichore.ws>, freebsd-questions@freebsd.org Subject: Re: running subversion as non-root Message-ID: <20051101171440.GA94847@flame.pc> In-Reply-To: <20051101170453.GA1889@slackbox.xs4all.nl> References: <20051101105745.M78709@terpsichore.ws> <20051101124144.GA1568@flame.pc> <20051101125015.M15158@terpsichore.ws> <20051101125617.GA2318@flame.pc> <20051101131654.M27340@terpsichore.ws> <20051101132557.GA2732@flame.pc> <20051101133234.M61656@terpsichore.ws> <20051101134047.GA2897@flame.pc> <20051101170453.GA1889@slackbox.xs4all.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2005-11-01 18:04, Roland Smith <rsmith@xs4all.nl> wrote: >On Tue, Nov 01, 2005 at 03:40:47PM +0200, Giorgos Keramidas wrote: >>On 2005-11-01 08:32, Cerion Armour-Brown <cerion@terpsichore.ws> wrote: >>>On Tue, 1 Nov 2005 15:25:57 +0200, Giorgos Keramidas wrote >>>> If you used the standard Ports stuff to install these and they >>>> have these broken permissions, it may be a side-effect of a >>>> broken umask setting for the root user. >>>> >>>> What do you see if you log in as 'root' and issue: >>>> >>>> # umask >>>> >>>> Is this 0022 or something similar, or not? If not, what value >>>> does it print? >>> >>> ahh, that's interesting: mine is 0027 >> >> Ugh! That's a bit Evil(TM). It means all the files root creates get >> their 'other' permissions zeroed out unconditionally, so this explains >> why your libraries can only be used by people in the 'wheel' group. >> >> > I guess I should set that to 0022, and reinstall everything... (groan) >> >> Very likely. Sorry for the bad news :-/ > > You could also have find search for files with bad permissions, and > correct them with chmod. something like > > find /usr/local/lib -type f -perm 750 -name "*.so*|xargs chmod 755 > > (try the find part separately first) > > Something analogous can be done to bad binaries in /usr/local/bin. That will probably work. But it may still end up leaving stuff with the wrong set of permissions, i.e. for binaries that were really meant not to have execute permission by 'other' users. The safest path is to reinstall all ports in a clean /usr/local, if this doesn't cause an unacceptable amount of downtime ;)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051101171440.GA94847>