From owner-freebsd-questions@FreeBSD.ORG Sun Aug 3 00:01:08 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7C8D1746 for ; Sun, 3 Aug 2014 00:01:08 +0000 (UTC) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3F4F82FC6 for ; Sun, 3 Aug 2014 00:01:07 +0000 (UTC) Received: from r56.edvax.de (port-92-195-69-249.dynamic.qsc.de [92.195.69.249]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx01.qsc.de (Postfix) with ESMTPS id 542573CC3F; Sun, 3 Aug 2014 02:01:06 +0200 (CEST) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id s73016KZ002456; Sun, 3 Aug 2014 02:01:06 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Sun, 3 Aug 2014 02:01:06 +0200 From: Polytropon To: "William A. Mahaffey III" Subject: Re: permission problems w/ ordinary user .... Message-Id: <20140803020106.9696cf18.freebsd@edvax.de> In-Reply-To: <53DD7AAD.4000902@hiwaay.net> References: <53DD742F.3020408@hiwaay.net> <20140803014039.75f4b2f9.freebsd@edvax.de> <53DD7AAD.4000902@hiwaay.net> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: FreeBSD Questions !!!! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Aug 2014 00:01:08 -0000 On Sat, 02 Aug 2014 18:56:29 -0500, William A. Mahaffey III wrote: > On 08/02/14 18:40, Polytropon wrote: > > On Sat, 02 Aug 2014 18:28:47 -0500, William A. Mahaffey III wrote: > >> .... I have been trying to setup the regular user (me, non-root) on my > >> newly minted FreeBSD 9.3 box. I tried su-ing from tooy & ssh-ing in as > >> me from another box, both give weird results, see the following from my > >> syslog: > >> > >> [...] > >> Aug 2 18:23:01 kabini1 sshd[1252]: _secure_path: cannot stat > >> /home/wam/.login_conf: Permission denied > >> > >> > >> also, the home-directory keeps getting the 'x' permission bit set to off > >> by .... something .... > > I think you have described the reason for the problem: > > The x attribute for a directory means "enter and search" > > and should be _set_ for the user. If it's not, the user > > cannot enter his own home directory or access files > > within it. In this case, /home/wam/.login_conf cannot > > be read which seems to be neccessary for the login > > process. > > > > You need to find that "something" that created or altered > > /home/wam with the x attribute off. Login as root and > > correct the setting manually, so you should be able to > > login afterwards. > > > > This is how the resulting "ls -l /home" output it should > > look like for your user: > > > > drwx------ [...] wam wam [...] wam/ > > ^ > > > > (This is minimum permissions; drwxrwxr-x or drwxr-x--- > > are other common examples.) > > > > How did you introduce the user to the system? Did you > > use "adduser" or "pw add"? > > I used useradd as root, & the permissions were set correctly to begin > with. Okay, so a "problem upon initiation" does not occur. > I suspect that the failed logins are triggering the reset, but w/ > little proof .... This is _very_ strange. Do you have anything in your login scripts, like ~/.cshrc (or ~/.tcshrc), ~/.login or ~/.profile that looks "offending"? > I have reset the perms as root several times during > this exercise, & they keep getting unset after the login failure .... I'm not sure what part of the system could trigger that behavuiour, it just sounds totally wrong... However, you could run truss on an login attempt to see what the process does (invisibly), calling /bin/chmod via execve() or by chmod() or popen(). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...