Date: Fri, 19 Jan 2007 14:55:05 -0800 (PST)
From: Bigby Findrake
To: Randy Bush
Cc: freebsd-security@freebsd.org
Subject: Re: Permission denied by op

On Sat, 13 Jan 2007, Randy Bush wrote:

>> i am invoking op from a python proggy which does an op.system() of
>>     op chmod 640 /usr/local/etc/tac_plus.conf
>> i get "Permission denied by op"
>
> btw, have tested with same invocation directly from /bin/sh. same
> result. i.e. it is not the python environment.
>
>> % ls -l /usr/local/etc/op.access
>> -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access
>>
>> % cat /usr/local/etc/op.access
>> # 2007.01.13
>> #
>> #DEFAULT users=src
>> #
>> chown /usr/sbin/chown $* ; users=src
>> chmod /bin/chmod $* ; users=src
>> rsync /usr/local/bin/rsync $* ; users=src
>> #
>>
>> % id
>> uid=1007(src) gid=1006(srctree) groups=1006(srctree)
>>
>> clue bat, please

Let me recap, and you correct me when I'm wrong:

* you're running as UID 1007.
* the file is owned by root.
* you're trying to chmod it and it's failing.

Is that the situation so far?

-- 
Nearly all men can stand adversity, but if you want to test a man's
character, give him power.
    -- Abraham Lincoln

finger://bigby@home.ephemeron.org
http://www.ephemeron.org/~bigby/
irc://irc.ephemeron.org/#the_pub
news://news.ephemeron.org/alt.lemurs