Why does Samba requires 777 permissions on /tmp

[sindrome]

I checked everywhere (in .cshrc etc..) as well as "echo $PATH" and /tmp is
not in there.  I'm not sure where it's picking up /tmp in the path


On Sun, May 19, 2013 at 2:36 AM, Chris Rees <utisoft at gmail.com> wrote:

>
> On 19 May 2013 00:34, "sindrome" <sindrome at gmail.com> wrote:
> >
> > I just found myself troubleshooting an issue where my desktop machine
> > couldn't login to my local samba server unless I have the /tmp directory
> > permissions set to 777.  I'd like to have it 775 not only for security
> > reasons but also because portupgrade always barks when the tmp directory
> it
> > set that way.  Is there something that can be tweaked in smb.conf so
> that I
> > can authenticate without that?
> >
> > This was in the logs which led me to the root of the problem.
> > [2013/05/18 13:31:01,  0] smbd/service.c:191(set_current_service) chdir
> > (/tmp) failed
> >
> > Once I changed it back to 777 the machine trust was working again.
> >
> > It seems that I could set the TMPDIR environmental variable to another
> > directory but that's the very same variable that portupgrade uses so it
> > would still have the same issue.
> >
> > These are the warnings that portupgrade gives if I keep the permissions
> > that way.
> >
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning:
> > Insecure world writable dir /tmp in PATH, mode 040777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning:
> > Insecure world writable dir /tmp in PATH, mode 040777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning:
> > Insecure world writable dir /tmp in PATH, mode 040777
> >
> > Any thoughts on how I can make Samba not require 777 on /tmp?
>
> It is quite honestly an awful idea to have /tmp in your PATH.  Remove it,
> and the complaints will stop.
>
> Consider an attacker dropping a load of executables into /tmp, perhaps
> called "portupgrad".  You tab-complete as root, and run that instead....
>
> Chris
>