Why does Samba require 777 permissions on /tmp

sindrome sindrome at gmail.com
Sun May 19 00:52:20 UTC 2013


Thanks for that tip.  I was hoping that was the root of it but upon looking
at my path, I don't have /tmp in there.  I used to have the sticky bit set
on there. I just re-set it but portupgrade still keeps barking because it's
world writable.  It seems that the conflict is Samba needs it to be world
writable and portupgrade hates it.


On Sat, May 18, 2013 at 6:46 PM, Bob Eager <rde at tavi.co.uk> wrote:

> On Sat, 18 May 2013 18:34:47 -0500
> sindrome <sindrome at gmail.com> wrote:
>
> > I just found myself troubleshooting an issue where my desktop machine
> > couldn't login to my local samba server unless I have the /tmp
> > directory permissions set to 777.  I'd like to have it 775 not only
> > for security reasons but also because portupgrade always barks when
> > the tmp directory is set that way.  Is there something that can be
> > tweaked in smb.conf so that I can authenticate without that?
> >
> > This was in the logs which led me to the root of the problem.
> > [2013/05/18 13:31:01,  0] smbd/service.c:191(set_current_service)
> > chdir (/tmp) failed
> >
> > Once I changed it back to 777 the machine trust was working again.
> >
> > It seems that I could set the TMPDIR environmental variable to another
> > directory but that's the very same variable that portupgrade uses so
> > it would still have the same issue.
> >
> > These are the warnings that portupgrade gives if I keep the
> > permissions that way.
> >
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning:
> > Insecure world writable dir /tmp in PATH, mode 040777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning:
> > Insecure world writable dir /tmp in PATH, mode 040777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning:
> > Insecure world writable dir /tmp in PATH, mode 040777
> >
> > Any thoughts on how I can make Samba not require 777 on /tmp?
>
> The correct mode for /tmp is probably 1777 anyway. That allows anyone
> to create files there, but only they can manipulate them. See sticky(7).
>
> The implication of the error messages from portupgrade is that /tmp is
> in your PATH, which is pretty unusual. Check your .profile,
> login, .cshrc etc. and remove /tmp from any path settings. This is
> indeed a security risk!
>
> Do that, portupgrade will stop complaining, and the correct 1777 (or
> 777) setting will keep samba happy.
>
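
The check discussed in this thread, as an added example that is not part of the original messages: it classifies a directory as 1777-style (sticky), 0777-style (open) or not world-writable, and lists any world-writable directory found in a PATH string. The function names are hypothetical, and the mode is read from `ls -ldL` output so the same script runs on FreeBSD and Linux.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Classify a directory by its "other" permission bits:
#   sticky  = world-writable with the sticky bit (1777 style)
#   open    = world-writable without it (0777 style)
#   closed  = not world-writable (0775 style)
#   missing = not a directory
dir_class() {
    [ -d "$1" ] || { echo missing; return; }
    # In the ls mode string, character 9 is the "other" write bit and
    # character 10 reads t or T when the sticky bit is set.
    case $(ls -ldL -- "$1") in
        ????????w[tT]*) echo sticky ;;
        ????????w*)     echo open ;;
        *)              echo closed ;;
    esac
}

# Print each world-writable directory in a PATH-style string, sticky or
# not. Runs in a subshell so the IFS and globbing changes stay local.
path_world_writable() (
    IFS=:
    set -f
    for entry in $1; do
        case $(dir_class "${entry:-.}") in
            sticky|open) echo "${entry:-.}" ;;
        esac
    done
)

# Report on one temporary directory and one PATH value.
report() {
    echo "$1 is $(dir_class "$1")"
    path_world_writable "$2" | while IFS= read -r dir; do
        echo "world-writable directory in PATH: $dir"
    done
}

report /tmp "$PATH"
```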

