From owner-freebsd-questions@FreeBSD.ORG Tue Nov 1 17:14:47 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A7EEF16A41F for ; Tue, 1 Nov 2005 17:14:47 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from rosebud.otenet.gr (rosebud.otenet.gr [195.170.0.94]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B38443D48 for ; Tue, 1 Nov 2005 17:14:45 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from flame.pc (aris.bedc.ondsl.gr [62.103.39.226]) by rosebud.otenet.gr (8.13.4/8.13.4/Debian-1) with SMTP id jA1HEgr6021065; Tue, 1 Nov 2005 19:14:43 +0200 Received: from flame.pc (flame [127.0.0.1]) by flame.pc (8.13.4/8.13.4) with ESMTP id jA1HEekk094862; Tue, 1 Nov 2005 19:14:40 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by flame.pc (8.13.4/8.13.4/Submit) id jA1HEecr094861; Tue, 1 Nov 2005 19:14:40 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Date: Tue, 1 Nov 2005 19:14:40 +0200 From: Giorgos Keramidas To: Cerion Armour-Brown , freebsd-questions@freebsd.org Message-ID: <20051101171440.GA94847@flame.pc> References: <20051101105745.M78709@terpsichore.ws> <20051101124144.GA1568@flame.pc> <20051101125015.M15158@terpsichore.ws> <20051101125617.GA2318@flame.pc> <20051101131654.M27340@terpsichore.ws> <20051101132557.GA2732@flame.pc> <20051101133234.M61656@terpsichore.ws> <20051101134047.GA2897@flame.pc> <20051101170453.GA1889@slackbox.xs4all.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20051101170453.GA1889@slackbox.xs4all.nl> Cc: Subject: Re: running subversion as non-root X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Nov 2005 17:14:47 -0000 On 2005-11-01 18:04, Roland Smith wrote: >On Tue, Nov 01, 2005 at 03:40:47PM +0200, Giorgos Keramidas wrote: >>On 2005-11-01 08:32, Cerion Armour-Brown wrote: >>>On Tue, 1 Nov 2005 15:25:57 +0200, Giorgos Keramidas wrote >>>> If you used the standard Ports stuff to install these and they >>>> have these broken permissions, it may be a side-effect of a >>>> broken umask setting for the root user. >>>> >>>> What do you see if you log in as 'root' and issue: >>>> >>>> # umask >>>> >>>> Is this 0022 or something similar, or not? If not, what value >>>> does it print? >>> >>> ahh, that's interesting: mine is 0027 >> >> Ugh! That's a bit Evil(TM). It means all the files root creates get >> their 'other' permissions zeroed out unconditionally, so this explains >> why your libraries can only be used by people in the 'wheel' group. >> >> > I guess I should set that to 0022, and reinstall everything... (groan) >> >> Very likely. Sorry for the bad news :-/ > > You could also have find search for files with bad permissions, and > correct them with chmod. something like > > find /usr/local/lib -type f -perm 750 -name "*.so*|xargs chmod 755 > > (try the find part separately first) > > Something analogous can be done to bad binaries in /usr/local/bin. That will probably work. But it may still end up leaving stuff with the wrong set of permissions, i.e. for binaries that were really meant not to have execute permission by 'other' users. The safest path is to reinstall all ports in a clean /usr/local, if this doesn't cause an unacceptable amount of downtime ;)