Why does Samba requires 777 permissions on /tmp
Simon Wright
simon.wright at gmx.net
Mon May 20 21:58:29 UTC 2013
On 20/05/2013 15:38, Bob Eager wrote:
> On Mon, 20 May 2013 08:03:09 -0500
> sindrome <sindrome at gmail.com> wrote:
>
> What I think is happening is that portupgrade is building and running
> shell scripts in /tmp. It's running them with (in ruby):
>
> system('/tmp/script') [roughly]
>
> The ruby runtime is checking the *path-to-the-command* and THAT is what
> it's complaining about.
>
> Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world
> writable temporary directory.
>
> I have an older ports tree on this machine or I'd try it myself. I had
> to download the latest sources to check all this,
Trying to summarise what I've tested here with the results.
My PKG_TMPDIR and TMPDIR are set to /var/tmp:
pkgtools.conf:
ENV['TMPDIR'] ||= '/var/tmp'
ENV['PKG_TMPDIR'] ||= '/var/tmp'
ENV['PORTSDIR'] ||= '/usr/ports'
ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'
from /usr/local/etc/sudoers:
# Uncomment if needed to preserve environmental variables related to the
# FreeBSD pkg_* utilities and fetch.
Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR
PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE"
[simon at vmserver04 ~]$ ls -ld /var/tmp
drwxrwxr-t 9 root wheel 33280 May 20 23:02 /var/tmp/
Note: /var/tmp is not world writeable
[simon at vmserver04 ~]$ echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/scripts:
root at vmserver04:/root # echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
I run portupgrade via sudo but both $PATH's show no /tmp or .
[simon at vmserver04 ~]$ ruby -v
ruby 1.8.7 (2012-10-12 patchlevel 371) [amd64-freebsd9]
portupgrade-2.4.10.5_1,2 FreeBSD ports/packages administration and
management tool s
Other (not likely) relevant stuff:
- I have /usr/ports mounted rw with NFS
- I have the packages directory mounted rw with NFS and amd then
redefine $PACKAGES to point to the mount point
This has been working for several years with no issues
[simon at vmserver04 ~]$ sudo portupgrade -v portupgrade*
---> Reading default options: -v -D -l
/var/tmp/portupgrade.results_20130520-22:56:25 -L
/var/tmp/portupgrade/%s::%s.log
---> Session started at: Mon, 20 May 2013 22:56:26 +0200
** None has been installed or upgraded.
---> Saving the results to
'/var/tmp/portupgrade.results_20130520-22:56:25'
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning:
Insecure world writable dir /tmp/ in PATH, mode 041777
Still the complaint about /tmp/
[simon at vmserver04 ~]$ sudo chmod 1775 /tmp
[simon at vmserver04 ~]$ ls -ld /tmp
drwxrwxr-t 9 root wheel 1024 May 20 23:16 /tmp/
[simon at vmserver04 ~]$ sudo portupgrade -v portupgrade*
---> Reading default options: -v -D -l
/var/tmp/portupgrade.results_20130520-23:16:07 -L
/var/tmp/portupgrade/%s::%s.log
---> Session started at: Mon, 20 May 2013 23:16:07 +0200
** None has been installed or upgraded.
---> Saving the results to '/var/tmp
/portupgrade.results_20130520-23:16:07'
---> Session ended at: Mon, 20 May 2013 23:16:08 +0200 (consumed
00:00:00)
No more complaint.
I can't read the portupgrade code well enough to see what it's doing
with the script, but if Bob is right that Ruby is running the
portupgrade commands from /tmp then the error is within the checks
in Ruby which is saying the 777 permission on /tmp is not
acceptable, 775 *is* acceptable. Which is strange since surely then
everyone with 777 permissions on /tmp would be seeing this message?
Does this get us any further?
Thanks for all the input, it is appreciated.
Cheers
Simon.
More information about the freebsd-ports
mailing list