On 19 May 2013 00:34, "sindrome" <sindr...@gmail.com> wrote: > > I just found myself troubleshooting an issue where my desktop machine > couldn't login to my local samba server unless I have the /tmp directory > permissions set to 777. I'd like to have it 775 not only for security > reasons but also because portupgrade always barks when the tmp directory it > set that way. Is there something that can be tweaked in smb.conf so that I > can authenticate without that? > > This was in the logs which led me to the root of the problem. > [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service) chdir > (/tmp) failed > > Once I changed it back to 777 the machine trust was working again. > > It seems that I could set the TMPDIR environmental variable to another > directory but that's the very same variable that portupgrade uses so it > would still have the same issue. > > These are the warnings that portupgrade gives if I keep the permissions > that way. > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: > Insecure world writable dir /tmp in PATH, mode 040777 > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: > Insecure world writable dir /tmp in PATH, mode 040777 > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: > Insecure world writable dir /tmp in PATH, mode 040777 > > Any thoughts on how I can make Samba not require 777 on /tmp?
It is quite honestly an awful idea to have /tmp in your PATH. Remove it, and the complaints will stop. Consider an attacker dropping a load of executables into /tmp, perhaps called "portupgrad". You tab-complete as root, and run that instead.... Chris _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
