Date:      Sun, 19 May 2013 09:56:14 +0700
From:      Erich Dollansky <erich@alogt.com>
To:        sindrome <sindrome@gmail.com>
Cc:        Bob Eager <rde@tavi.co.uk>, freebsd-ports@freebsd.org
Subject:   Re: Why does Samba requires 777 permissions on /tmp
Message-ID:  <20130519095614.4bcf7f64@X220.ovitrap.com>
In-Reply-To: <CAFzAeSdoJEno2638-Lr4MMuxk9CmorPn6uCGbGs34Y1myw-W-A@mail.gmail.com>
References:  <CAFzAeSdgRotc34%2BeyfVHZBA-QGUCWJ1MZDYw1ysRxEV9MhG2BQ@mail.gmail.com> <20130519004659.3d415b88@raksha.tavi.co.uk> <CAFzAeSdoJEno2638-Lr4MMuxk9CmorPn6uCGbGs34Y1myw-W-A@mail.gmail.com>

Hi,

On Sat, 18 May 2013 19:52:19 -0500
sindrome <sindrome@gmail.com> wrote:

> Thanks for that tip.  I was hoping that was the root of it but upon
> looking at my path, I don't have /tmp in there.  I used to have the
> sticky bit set on there. I just re-set it but portupgrade still keeps
> barking because it's world writable.  It seems that the conflict is
> Samba needs it to be world writable and portupgrade hates it.
> 
this is all really weird. /tmp is meant to be written by everyone on
the machine. The elements inside /tmp can then have any other settings.

Your problem must be caused by something else. At least, I cannot
remember ever having seen /tmp with a different setting than 0777.


Erich
> 
> On Sat, May 18, 2013 at 6:46 PM, Bob Eager <rde@tavi.co.uk> wrote:
> 
> > On Sat, 18 May 2013 18:34:47 -0500
> > sindrome <sindrome@gmail.com> wrote:
> >
> > > I just found myself troubleshooting an issue where my desktop
> > > machine couldn't login to my local samba server unless I have
> > > the /tmp directory permissions set to 777.  I'd like to have it
> > > 775 not only for security reasons but also because portupgrade
> > > always barks when the tmp directory is set that way.  Is there
> > > something that can be tweaked in smb.conf so that I can
> > > authenticate without that?
> > >
> > > This was in the logs which led me to the root of the problem.
> > > [2013/05/18 13:31:01,  0] smbd/service.c:191(set_current_service)
> > > chdir (/tmp) failed
> > >
> > > Once I changed it back to 777 the machine trust was working again.
> > >
> > > It seems that I could set the TMPDIR environmental variable to
> > > another directory but that's the very same variable that
> > > portupgrade uses so it would still have the same issue.
> > >
> > > These are the warnings that portupgrade gives if I keep the
> > > permissions that way.
> > >
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483:
> > > warning: Insecure world writable dir /tmp in PATH, mode 040777
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170:
> > > warning: Insecure world writable dir /tmp in PATH, mode 040777
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108:
> > > warning: Insecure world writable dir /tmp in PATH, mode 040777
> > >
> > > Any thoughts on how I can make Samba not require 777 on /tmp?
> >
> > The correct mode for /tmp is probably 1777 anyway. That allows
> > anyone to create files there, but only they can manipulate them.
> > See sticky(7).
> >
> > The implication of the error messages from portupgrade is that /tmp
> > is in your PATH, which is pretty unusual. Check your .profile,
> > login, .cshrc etc. and remove /tmp from any path settings. This is
> > indeed a security risk!
> >
> > Do that, portupgrade will stop complaining, and the correct 1777 (or
> > 777) setting will keep samba happy.
> > _______________________________________________
> > freebsd-ports@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> > To unsubscribe, send any mail to
> > "freebsd-ports-unsubscribe@freebsd.org"
> >
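
An added example, not part of the original thread: a POSIX sh function that checks the condition named in the portupgrade warning by listing every PATH entry that is a world-writable directory, together with whether the sticky bit mentioned in the thread is set. The function name `audit_path` and its output format are assumptions of this example; run it as the same user and in the same shell that runs portupgrade.

```shell
#!/bin/sh
# Added example: report world-writable directories in a PATH-style string.
# Usage: audit_path "$PATH"
# Prints "<dir> sticky" or "<dir> no-sticky" for each world-writable entry
# and returns 1 if any were found, 0 otherwise.
# The body runs in a subshell so IFS and globbing changes do not leak out.
audit_path() (
    found=0
    IFS=:
    set -f                      # no glob expansion while splitting on ':'
    for dir in $1; do
        # An empty PATH element means the current directory.
        [ -n "$dir" ] || dir=.
        [ -d "$dir" ] || continue
        # -H follows a symlinked PATH entry; -prune tests only the directory
        # itself; -perm -0002 matches when the world-write bit is set.
        if [ -n "$(find -H "$dir" -prune -perm -0002 -print 2>/dev/null)" ]; then
            found=1
            # -perm -1000 matches when the sticky bit is set (mode 1777).
            if [ -n "$(find -H "$dir" -prune -perm -1000 -print 2>/dev/null)" ]; then
                printf '%s sticky\n' "$dir"
            else
                printf '%s no-sticky\n' "$dir"
            fi
        fi
    done
    return "$found"
)

# Check the PATH of the current environment.
audit_path "$PATH" || echo "world-writable directories found in PATH" >&2
```

No output means no PATH entry is world-writable, in which case the warning's source lies in a different environment than the one being checked.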



