Temp files in /etc

Jeremy Chadwick koitsu at FreeBSD.org
Sat Sep 6 06:31:15 UTC 2008 

On Fri, Sep 05, 2008 at 07:40:13PM -0700, Joshua Piccari wrote:
> Hi all,
> I am setting up a few jails and I want them all to use the same /etc files
> (with the exception of the files related to the password files and
> databases), so I mounted a shared /etc folder as a nullfs with read-only
> permissions. The problem is that using utilities like pw or chpass create
> temporary files in /etc and that file system is mounted read-only.
> So is there a way to force any utilities that create temp files in /etc to
> use another location, something like /usr/local/etc for example?

I've had a chat with another user off-list about this, and the
conclusion reached is that your mounting of /etc read-only is a bad
idea, for many different reasons.  Let's step through things slowly, so
that hopefully it'll make sense.

Foremost, /etc is mounted read-only, so what purpose does it serve to be
using passwd or group-editing utilities on that system?  You'd need r/w
access to be able to accomplish that.

Secondly, utilities like vipw(8), chpass(1), pw(8), and many others all
create temporary files in /etc for security reasons: the temporary files
*must* be on the same filesystem.  In your case, /etc is its own
filesystem, mounted read-only.  So, placing the temporary files (e.g.
/etc/pw.XXXXXX when using vipw(8)) on a separate filesystem or separate
location is not plausible.  Regarding the security implications, others
will have to chime in here.

Thirdly, some (but not all) of the utilities support command-line flags
that allow an alternative directory to /etc:

pw(8)		-V flag
vipw(8)		-d flag
pwd_mkdb(8)	-d flag
chpass(1)	no support
passwd(1)	no support
rmuser(8)	no support
adduser(8)	no support

Fourthly, there are periodic(8) scripts which explicitly refer to
/etc/master.passwd and do not support an alternative directory.  Those
scripts will break, and disabling them is not recommended.

Finally, some other caveats/situations which will likely arise:

- The administrator (you) will have to remember to use the above flags
  every time they use said utilities; chances are you'll forget,
  especially since the flags aren't all the same,
- A user of your jail may become very surprised when they find
  passwd, group, or other files missing from /etc,
- Third-party software which reads /etc/passwd or related files will
  fail since you'd be using an alternative /etc directory.  I'm
  pretty sure we have some ports which use rmuser/adduser (meaning
  the software itself, not necessarily the port installation part).

Hope this sheds some light on things.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the freebsd-hackers mailing list