Date: Sun, 19 May 2013 00:46:59 +0100
From: Bob Eager <rde@tavi.co.uk>
To: freebsd-ports@freebsd.org
Subject: Re: Why does Samba requires 777 permissions on /tmp
Message-ID: <20130519004659.3d415b88@raksha.tavi.co.uk>
In-Reply-To: <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com>
References: <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com>

On Sat, 18 May 2013 18:34:47 -0500
sindrome <sindrome@gmail.com> wrote:

> I just found myself troubleshooting an issue where my desktop machine
> couldn't log in to my local samba server unless I have the /tmp
> directory permissions set to 777. I'd like to have it 775 not only
> for security reasons but also because portupgrade always barks when
> the tmp directory is set that way. Is there something that can be
> tweaked in smb.conf so that I can authenticate without that?
>
> This was in the logs which led me to the root of the problem.
> [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service)
> chdir (/tmp) failed
>
> Once I changed it back to 777 the machine trust was working again.
>
> It seems that I could set the TMPDIR environmental variable to another
> directory but that's the very same variable that portupgrade uses so
> it would still have the same issue.
>
> These are the warnings that portupgrade gives if I keep the
> permissions that way.
>
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning:
> Insecure world writable dir /tmp in PATH, mode 040777
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning:
> Insecure world writable dir /tmp in PATH, mode 040777
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning:
> Insecure world writable dir /tmp in PATH, mode 040777
>
> Any thoughts on how I can make Samba not require 777 on /tmp?

The correct mode for /tmp is probably 1777 anyway. That allows anyone
to create files there, but only they can manipulate them. See sticky(7).

The implication of the error messages from portupgrade is that /tmp is
in your PATH, which is pretty unusual. Check your .profile, login,
.cshrc etc. and remove /tmp from any path settings. This is indeed a
security risk!

Do that, portupgrade will stop complaining, and the correct 1777 (or
777) setting will keep samba happy.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130519004659.3d415b88>
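
An added example, not part of the original message: a small sh audit of the two points raised in the reply, namely whether a directory such as /tmp is world-writable with or without the sticky bit, and whether any PATH entry is a world-writable directory. The function names are made up for this sketch; it reads the mode string from `ls -ld` instead of `stat` so the same script runs on FreeBSD and GNU userlands.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any tool in the thread.

# perm_string DIR: 10-character mode string (e.g. drwxrwxrwt), symlinks followed.
perm_string() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# is_world_writable DIR: true if DIR is a directory with the "other" write bit.
is_world_writable() {
    case "$(perm_string "$1")" in
        d???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# has_sticky DIR: true if DIR is a directory with the sticky bit (t or T).
has_sticky() {
    case "$(perm_string "$1")" in
        d????????[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# tmp_mode_status DIR: prints sticky (e.g. 1777), no-sticky (e.g. 777)
# or restricted (not world-writable, e.g. the 775 tried in the thread).
tmp_mode_status() {
    if ! is_world_writable "$1"; then echo restricted
    elif has_sticky "$1"; then echo sticky
    else echo no-sticky
    fi
}

# audit_path PATHSTRING: prints each entry that is a world-writable directory.
# An empty entry means the current directory, as the shell treats it.
audit_path() {
    path_value=$1
    old_ifs=$IFS
    IFS=:
    set -f                 # no globbing while splitting on ':'
    set -- $path_value
    set +f
    IFS=$old_ifs
    for d in "$@"; do
        [ -n "$d" ] || d=.
        if is_world_writable "$d"; then echo "$d"; fi
    done
}

echo "/tmp: $(tmp_mode_status /tmp)"
audit_path "$PATH" | sed 's/^/world-writable PATH entry: /'
```

Any directory it reports under PATH, sticky or not, is one to take out of the shell startup files mentioned in the reply.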