Why does Samba requires 777 permissions on /tmp
Simon Wright
simon.wright at gmx.net
Sun May 19 20:25:24 UTC 2013
On 05/19/13 20:56, Bob Eager wrote:
> On Sun, 19 May 2013 13:34:49 -0500
> sindrome <sindrome at gmail.com> wrote:
>
>> can't authenticate to my samba server. There has to be a root of
>> this problem to make them both work. Is there some other place
>> portupgrade is having /tmp amended on without it being in my $PATH?
>
> I went back and had a closer look at your error message. What I hadn't
> done (and neither had you, prior to that) was read and fully digest the
> error message.
>
> portupgrade is calling its 'system()' function to run a command. The
> Ruby runtime does a sanity check to make sure that the directories in
> the path are secure...and /tmp isn't. I suspect that portupgrade puts
> temporary scripts into /tmp, then executes them; this implies that it's
> probably chdir'ing to /tmp, then haveing '.' in thge path, or even just
> adding /tmp to the path, although I don't think so.
>
> Anyway, what's insecure is that you don't have the sticky bit set. If
> you use:
>
> chmod 1777 /tmp
>
> it ought to all work.
Unfortunately it doesn't - for me at least! Here's the error I get
from portupgrade on (all of) my FreeBSD boxes:
[simon at vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin
---> Session started at: Sun, 19 May 2013 21:11:25 +0200
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning:
Insecure world writable dir /tmp/ in PATH, mode 041777
AFAIR this started around the time of the last Ruby update over a
year ago, the change and subsequent rollback to making the default
version of Ruby 1.9. I'm using 1.8.7 which I believe is still the
FBSD default version. Is anyone seeing this issue using Ruby 1.9?
I definitely do not have /tmp in my $PATH.
Cheers
Simon.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3750 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20130519/9d0a50af/attachment.bin>
More information about the freebsd-ports
mailing list