Re: Why does Samba requires 777 permissions on /tmp
Hi Guys,

I just got home from being out of town and the problem still persists even after I removed . from my path.

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:

Here's what I get when I portupgrade an outdated port.

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

On Mon, May 20, 2013 at 4:58 PM, Simon Wright simon.wri...@gmx.net wrote:

On 20/05/2013 15:38, Bob Eager wrote:

On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote:

What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby):

system('/tmp/script') [roughly]

The ruby runtime is checking the *path-to-the-command* and THAT is what it's complaining about.

Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world writable temporary directory. I have an older ports tree on this machine or I'd try it myself.

I had to download the latest sources to check all this,

Trying to summarise what I've tested here with the results.

My PKG_TMPDIR and TMPDIR are set to /var/tmp:

pkgtools.conf:
ENV['TMPDIR'] ||= '/var/tmp'
ENV['PKG_TMPDIR'] ||= '/var/tmp'
ENV['PORTSDIR'] ||= '/usr/ports'
ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'

from /usr/local/etc/sudoers:
# Uncomment if needed to preserve environmental variables related to the
# FreeBSD pkg_* utilities and fetch.
Defaults env_keep += PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE

[simon@vmserver04 ~]$ ls -ld /var/tmp
drwxrwxr-t 9 root wheel 33280 May 20 23:02 /var/tmp/

Note: /var/tmp is not world writeable

[simon@vmserver04 ~]$ echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/scripts:
root@vmserver04:/root # echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin

I run portupgrade via sudo but both $PATH's show no /tmp or .

[simon@vmserver04 ~]$ ruby -v
ruby 1.8.7 (2012-10-12 patchlevel 371) [amd64-freebsd9]

portupgrade-2.4.10.5_1,2 FreeBSD ports/packages administration and management tool s

Other (not likely) relevant stuff:
- I have /usr/ports mounted rw with NFS
- I have the packages directory mounted rw with NFS and amd then redefine $PACKAGES to point to the mount point

This has been working for several years with no issues

[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
--- Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-22:56:25 -L /var/tmp/portupgrade/%s::%s.log
--- Session started at: Mon, 20 May 2013 22:56:26 +0200
** None has been installed or upgraded.
--- Saving the results to '/var/tmp/portupgrade.results_20130520-22:56:25'
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

Still the complaint about /tmp/

[simon@vmserver04 ~]$ sudo chmod 1775 /tmp
[simon@vmserver04 ~]$ ls -ld /tmp
drwxrwxr-t 9 root wheel 1024 May 20 23:16 /tmp/
[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
--- Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-23:16:07 -L /var/tmp/portupgrade/%s::%s.log
--- Session started at: Mon, 20 May 2013 23:16:07 +0200
** None has been installed or upgraded.
--- Saving the results to '/var/tmp/portupgrade.results_20130520-23:16:07'
--- Session ended at: Mon, 20 May 2013 23:16:08 +0200 (consumed 00:00:00)

No more complaint. I can't read the portupgrade code well enough to see what it's doing with the script, but if Bob is right that Ruby is running the portupgrade commands from /tmp then the error is within the checks in Ruby which is saying the 777 permission on /tmp is not acceptable, 775 *is* acceptable. Which is strange since surely then everyone with 777 permissions on /tmp would be seeing this message?

Does this get us any further? Thanks for all the input, it is appreciated.

Cheers

Simon.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org
Re: Why does Samba requires 777 permissions on /tmp
Did you try changing PKG_TMPDIR as I suggested? (see below)

On Mon, 27 May 2013 14:45:05 -0500 sindrome sindr...@gmail.com wrote:

Hi Guys,

I just got home from being out of town and the problem still persists even after I removed . from my path.

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:

Here's what I get when I portupgrade an outdated port.

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

On Mon, May 20, 2013 at 4:58 PM, Simon Wright simon.wri...@gmx.net wrote:

On 20/05/2013 15:38, Bob Eager wrote:

On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote:

What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby):

system('/tmp/script') [roughly]

The ruby runtime is checking the *path-to-the-command* and THAT is what it's complaining about.

Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world writable temporary directory. I have an older ports tree on this machine or I'd try it myself.

I had to download the latest sources to check all this,

Trying to summarise what I've tested here with the results.
Re: Why does Samba requires 777 permissions on /tmp
Hi Bob,

I just went into /usr/local/etc/pkgtools.conf and changed the PKG_TMPDIR variable to a non-world writable directory called /build and still see the warnings below:

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

On Mon, May 27, 2013 at 2:54 PM, Bob Eager r...@tavi.co.uk wrote:

Did you try changing PKG_TMPDIR as I suggested? (see below)

On Mon, 27 May 2013 14:45:05 -0500 sindrome sindr...@gmail.com wrote:

Hi Guys,

I just got home from being out of town and the problem still persists even after I removed . from my path.

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:

Here's what I get when I portupgrade an outdated port.
Re: Why does Samba requires 777 permissions on /tmp
On 27 May 2013 20:45, sindrome sindr...@gmail.com wrote:

Hi Guys,

I just got home from being out of town and the problem still persists even after I removed . from my path.

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:

Remove the trailing : too?

Chris

Here's what I get when I portupgrade an outdated port.

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

On Mon, May 20, 2013 at 4:58 PM, Simon Wright simon.wri...@gmx.net wrote:

On 20/05/2013 15:38, Bob Eager wrote:

On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote:

What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby):

system('/tmp/script') [roughly]

The ruby runtime is checking the *path-to-the-command* and THAT is what it's complaining about.

Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world writable temporary directory. I have an older ports tree on this machine or I'd try it myself.

I had to download the latest sources to check all this,

Trying to summarise what I've tested here with the results.
Re: Why does Samba requires 777 permissions on /tmp
Chris,

That did it! Thanks so much for the help. Just in case if anyone else is reading this long thread, you cannot have a colon period (:.) at the end of your path, meaning do not include the current directory as part of the $path

On Mon, May 27, 2013 at 3:54 PM, Chris Rees utis...@gmail.com wrote:

On 27 May 2013 20:45, sindrome sindr...@gmail.com wrote:

Hi Guys,

I just got home from being out of town and the problem still persists even after I removed . from my path.

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:

Remove the trailing : too?

Chris

Here's what I get when I portupgrade an outdated port.

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

On Mon, May 20, 2013 at 4:58 PM, Simon Wright simon.wri...@gmx.net wrote:

On 20/05/2013 15:38, Bob Eager wrote:

On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote:

What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby):

system('/tmp/script') [roughly]

The ruby runtime is checking the *path-to-the-command* and THAT is what it's complaining about.

Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world writable temporary directory. I have an older ports tree on this machine or I'd try it myself.
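Added example, not written by any poster in this thread and not taken from portupgrade or Ruby: the fix above was removing a trailing colon, which leaves an empty PATH entry, and an empty entry is searched as the current directory. The Ruby sketch below audits a PATH string for empty and relative entries and for world-writable directories, printing the mode in the same octal form as the warning (041777 is a directory with the sticky bit and 0777). The names audit_path and clean_path and the sample PATH are constructed for illustration.

```ruby
require 'tmpdir'

WORLD_WRITABLE = 0o002
STICKY         = 0o1000

# Audit a PATH-style string. cwd is the directory that empty and relative
# entries resolve against. Returns one hash per problem found.
def audit_path(path, cwd = Dir.pwd)
  findings = []
  # limit -1 keeps empty fields, including the trailing one in "a:b:"
  path.split(':', -1).each_with_index do |entry, index|
    dir = entry.empty? ? cwd : File.expand_path(entry, cwd)
    if entry.empty?
      findings << { index: index, entry: entry, dir: dir, issue: :empty_entry }
    elsif !entry.start_with?('/')
      findings << { index: index, entry: entry, dir: dir, issue: :relative_entry }
    end
    begin
      stat = File.stat(dir)
    rescue SystemCallError
      next # a missing or unreadable entry cannot be searched
    end
    next unless stat.directory? && (stat.mode & WORLD_WRITABLE) != 0
    findings << { index: index, entry: entry, dir: dir, issue: :world_writable,
                  mode: format('%06o', stat.mode),
                  sticky: (stat.mode & STICKY) != 0 }
  end
  findings
end

# Drop empty, relative and duplicate entries, keeping first-seen order.
def clean_path(path)
  path.split(':', -1).select { |e| e.start_with?('/') }.uniq.join(':')
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |root|
    scratch = File.join(root, 'scratch') # constructed stand-in for /tmp
    Dir.mkdir(scratch)
    File.chmod(0o1777, scratch)
    sample = '/bin:/usr/bin:/usr/local/bin:' # constructed, trailing colon as in the thread
    audit_path(sample, scratch).each { |finding| puts finding.inspect }
    puts "cleaned: #{clean_path(sample)}"
  end
end
```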
Re: Why does Samba requires 777 permissions on /tmp
At Sat, 18 May 2013 18:34:47 -0500, sindrome wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777

At Sun, 19 May 2013 23:31:21 -0500, sindrome wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/. in PATH, mode 041777

At Sun, 19 May 2013 21:30:03 +0200, Simon Wright wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

/tmp
/tmp/.
/tmp/

Interesting three different messages. It looks like three different entities adds their own value to your PATH. What you guys should do first is to find who sets stupid PATH for you. I don't suppose portupgrade does.
Re: Why does Samba requires 777 permissions on /tmp
Looks like a step in the right direction. How do I troubleshoot to figure out what application is appending/changing the value of PATH?

On Mon, May 20, 2013 at 2:56 AM, poyop...@puripuri.plala.or.jp wrote:

At Sat, 18 May 2013 18:34:47 -0500, sindrome wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777

At Sun, 19 May 2013 23:31:21 -0500, sindrome wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/. in PATH, mode 041777

At Sun, 19 May 2013 21:30:03 +0200, Simon Wright wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

/tmp
/tmp/.
/tmp/

Interesting three different messages. It looks like three different entities adds their own value to your PATH. What you guys should do first is to find who sets stupid PATH for you. I don't suppose portupgrade does.
Re: Why does Samba requires 777 permissions on /tmp
On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote:

Looks like a step in the right direction. How do I troubleshoot to figure out what application is appending/changing the value of PATH?

Nothing is. As far as I can see.

What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby):

system('/tmp/script') [roughly]

The ruby runtime is checking the *path-to-the-command* and THAT is what it's complaining about.

Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world writable temporary directory. I have an older ports tree on this machine or I'd try it myself.

I had to download the latest sources to check all this,
Re: Why does Samba requires 777 permissions on /tmp
Just out of curiosity, what is your PATH set to in whatever console/terminal window before you run portupgrade ( echo $PATH )?

On Mon, May 20, 2013 at 08:03:09AM -0500, sindrome wrote:

Looks like a step in the right direction. How do I troubleshoot to figure out what application is appending/changing the value of PATH?

On Mon, May 20, 2013 at 2:56 AM, poyop...@puripuri.plala.or.jp wrote:

At Sat, 18 May 2013 18:34:47 -0500, sindrome wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777

At Sun, 19 May 2013 23:31:21 -0500, sindrome wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/. in PATH, mode 041777

At Sun, 19 May 2013 21:30:03 +0200, Simon Wright wrote:
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

/tmp
/tmp/.
/tmp/

Interesting three different messages. It looks like three different entities adds their own value to your PATH. What you guys should do first is to find who sets stupid PATH for you. I don't suppose portupgrade does.
Re: Why does Samba requires 777 permissions on /tmp
Hi,

On Mon, 20 May 2013 14:38:53 +0100 Bob Eager r...@tavi.co.uk wrote:

On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote:

Looks like a step in the right direction. How do I troubleshoot to figure out what application is appending/changing the value of PATH?

Nothing is. As far as I can see.

What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby):

the error message comes from a line like this:

system('/tmp/script') [roughly]

I do not know Ruby. But I am sure that there is somebody here who is able to tell the original writer what to insert to get the command to be executed to be printed. Then we will see what it is.

Erich
Re: Why does Samba requires 777 permissions on /tmp
echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/local/lib32/compat:/usr/X11R6/bin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/local/etc::/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:.

On Mon, May 20, 2013 at 10:19 AM, Erich Dollansky erichsfreebsdl...@alogt.com wrote:

Hi,

On Mon, 20 May 2013 14:38:53 +0100 Bob Eager r...@tavi.co.uk wrote:

On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote:

Looks like a step in the right direction. How do I troubleshoot to figure out what application is appending/changing the value of PATH?

Nothing is. As far as I can see.

What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby):

the error message comes from a line like this:

system('/tmp/script') [roughly]

I do not know Ruby. But I am sure that there is somebody here who is able to tell the original writer what to insert to get the command to be executed to be printed. Then we will see what it is.

Erich
Re: Why does Samba requires 777 permissions on /tmp
On 20 May 2013 16:53, sindrome sindr...@gmail.com wrote:

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/local/lib32/compat:/usr/X11R6/bin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/local/etc::/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:.

Why is there so much there?? You really need to strip that down, and your problems probably stem from the . in there.

Also /usr/X11R6 is a symlink to /usr/local, so you can remove that too. Lib, lib32/compat, /usr/local/etc are inappropriate for PATH, they don't contain programs you should normally execute.

Chris
Re: Why does Samba requires 777 permissions on /tmp
Some are just document directories in my home. Do you have a suggested PATH that I can use

On Mon, May 20, 2013 at 11:02 AM, Chris Rees utis...@gmail.com wrote:

On 20 May 2013 16:53, sindrome sindr...@gmail.com wrote:

echo $PATH
/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/local/lib32/compat:/usr/X11R6/bin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/local/etc::/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:.

Why is there so much there?? You really need to strip that down, and your problems probably stem from the . in there.

Also /usr/X11R6 is a symlink to /usr/local, so you can remove that too. Lib, lib32/compat, /usr/local/etc are inappropriate for PATH, they don't contain programs you should normally execute.

Chris
Re: Why does Samba requires 777 permissions on /tmp
On 20 May 2013 17:07, sindrome sindr...@gmail.com wrote: Some are just document directories in my home. Do you have a suggested PATH that I can use? Default PATH is good, from /etc/profile. Adding ~/bin won't hurt, if you like that. Chris On Mon, May 20, 2013 at 11:02 AM, Chris Rees utis...@gmail.com wrote: On 20 May 2013 16:53, sindrome sindr...@gmail.com wrote: echo $PATH /bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/local/lib32/compat:/usr/X11R6/bin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/local/etc::/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:. Why is there so much there?? You really need to strip that down, and your problems probably stem from the . in there. Also /usr/X11R6 is a symlink to /usr/local, so you can remove that too. Lib, lib32/compat, /usr/local/etc are inappropriate for PATH, they don't contain programs you should normally execute. Chris
Re: Why does Samba requires 777 permissions on /tmp
I modified the PATH to remove those items you mentioned but I'm still getting the following when I portupgrade. How can I track down what is amending /tmp onto the PATH? /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/. in PATH, mode 041777 /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/. in PATH, mode 041777 /usr/local/sbin/portsclean:314: warning: Insecure world writable dir /tmp/. in PATH, mode 041777 On Mon, May 20, 2013 at 11:09 AM, Chris Rees utis...@gmail.com wrote: On 20 May 2013 17:07, sindrome sindr...@gmail.com wrote: Some are just document directories in my home. Do you have a suggested PATH that I can use? Default PATH is good, from /etc/profile. Adding ~/bin won't hurt, if you like that. Chris On Mon, May 20, 2013 at 11:02 AM, Chris Rees utis...@gmail.com wrote: On 20 May 2013 16:53, sindrome sindr...@gmail.com wrote: echo $PATH /bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/local/lib32/compat:/usr/X11R6/bin:/home/sindrome/.gnupg:/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/local/etc::/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:. Why is there so much there?? You really need to strip that down, and your problems probably stem from the . in there. Also /usr/X11R6 is a symlink to /usr/local, so you can remove that too. Lib, lib32/compat, /usr/local/etc are inappropriate for PATH, they don't contain programs you should normally execute. Chris
Re: Why does Samba requires 777 permissions on /tmp
On Mon, May 20, 2013 at 7:20 AM, Erich Dollansky erichsfreebsdl...@alogt.com wrote: Could it be that we all got this message but did not bother because we get so many warnings during an upgrade? Nope. FWIW, portupgrade works without errors here. tingo@kg-v2$ uname -a FreeBSD kg-v2.kg4.no 8.3-STABLE FreeBSD 8.3-STABLE #6: Fri Apr 27 23:50:55 CEST 2012 r...@kg-v2.kg4.no:/usr/obj/usr/src/sys/GENERIC amd64 tingo@kg-v2$ portversion -v portupgrade* portupgrade-2.4.10.5_1,2= up-to-date with port HTH -- Regards, Torfinn Ingolfsen
Re: Why does Samba requires 777 permissions on /tmp
Clearly I'm not the only one with this problem. Something is amending onto the PATH and I'd like to get to the bottom of this. I'm sure it will help a lot of people. On Mon, May 20, 2013 at 11:39 AM, Torfinn Ingolfsen tin...@gmail.com wrote: On Mon, May 20, 2013 at 7:20 AM, Erich Dollansky erichsfreebsdl...@alogt.com wrote: Could it be that we all got this message but did not bother because we get so many warnings during an upgrade? Nope. FWIW, portupgrade works without errors here. tingo@kg-v2$ uname -a FreeBSD kg-v2.kg4.no 8.3-STABLE FreeBSD 8.3-STABLE #6: Fri Apr 27 23:50:55 CEST 2012 r...@kg-v2.kg4.no:/usr/obj/usr/src/sys/GENERIC amd64 tingo@kg-v2$ portversion -v portupgrade* portupgrade-2.4.10.5_1,2= up-to-date with port HTH -- Regards, Torfinn Ingolfsen
Re: Why does Samba requires 777 permissions on /tmp
On Mon, May 20, 2013 at 6:45 PM, sindrome sindr...@gmail.com wrote: Clearly I'm not the only one with this problem. Something is amending onto the PATH and I'd like to get to the bottom of this. I'm sure it will help a lot of people. Well, start by taking the current directory ('.') out of your PATH. (It is bad, for a number of reasons). HTH -- Regards, Torfinn Ingolfsen
Re: Why does Samba requires 777 permissions on /tmp
Fair enough but that's not the root of this problem I'm sure On Mon, May 20, 2013 at 11:47 AM, Torfinn Ingolfsen tin...@gmail.com wrote: On Mon, May 20, 2013 at 6:45 PM, sindrome sindr...@gmail.com wrote: Clearly I'm not the only one with this problem. Something is amending onto the PATH and I'd like to get to the bottom of this. I'm sure it will help a lot of people. Well, start by taking the current directory ('.') out of your PATH. (It is bad, for a number of reasons). HTH -- Regards, Torfinn Ingolfsen
Re: Why does Samba requires 777 permissions on /tmp
Ok, I've discovered a combination of things that will reproduce that message, and it REALLY does come down to NOT HAVING '.' IN YOUR PATH, especially for user root. If I don't have '.' in my path, I can cd to any directory and Ruby will not complain when I run the system() command (or the equivalent using backticks). If I put '.' in my path and cd to any world-writable directory (and /tmp is one of those and needs to be), I get the warning (...world writable dir directory/.). My guess is 1) you have '.' in your path, and 2) you're running portupgrade after you've cd'd to /tmp... On Mon, May 20, 2013 at 11:49:08AM -0500, sindrome wrote: Fair enough but that's not the root of this problem I'm sure On Mon, May 20, 2013 at 11:47 AM, Torfinn Ingolfsen tin...@gmail.com wrote: On Mon, May 20, 2013 at 6:45 PM, sindrome sindr...@gmail.com wrote: Clearly I'm not the only one with this problem. Something is amending onto the PATH and I'd like to get to the bottom of this. I'm sure it will help a lot of people. Well, start by taking the current directory ('.') out of your PATH. (It is bad, for a number of reasons). HTH -- Regards, Torfinn Ingolfsen
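An added example, not part of the thread and not portupgrade's or Ruby's own code: a small Ruby audit for the condition described in the message above. It resolves each PATH entry against a given working directory, treats an empty entry (`::` or a leading or trailing `:`) as the current directory just like `.`, and reports entries that land in a world-writable directory. The names `audit_path`, `format_finding`, `Finding` and `THREAD_PATH` are made up for this illustration; the sample PATH is the one quoted earlier in the thread, and the scratch directory is constructed.

```ruby
require 'tmpdir'

# One record per risky PATH entry (illustrative structure, not from any tool).
Finding = Struct.new(:index, :entry, :resolved, :mode, :reasons)

# PATH as quoted in the thread: note the '::' after /usr/local/etc and the final '.'.
THREAD_PATH = '/bin:/usr/lib:/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:' \
              '/usr/local/lib32/compat:/usr/X11R6/bin:/home/sindrome/.gnupg:' \
              '/home/sindrome/bin:/home/sindrome/docs:/home/sindrome/docs/info:' \
              '/home/sindrome/docs/config:/sbin:/bin:/etc:/usr/local/etc::/usr/bin:' \
              '/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:.'

# Audit `path` as seen by a process whose working directory is `cwd`.
def audit_path(path, cwd)
  findings = []
  # limit -1 keeps trailing empty fields; a plain split(':') would hide a trailing ':'
  path.split(':', -1).each_with_index do |entry, index|
    reasons = []
    if entry.empty?
      reasons << 'empty entry, searched as the current directory'
    elsif !entry.start_with?('/')
      reasons << 'relative entry, resolved against the current directory'
    end

    # Empty and relative entries follow the process around: resolve them against cwd.
    target = entry.start_with?('/') ? entry : File.join(cwd, entry)
    resolved = File.expand_path(target)

    mode = nil
    begin
      st = File.stat(resolved)
      if st.directory?
        mode = st.mode
        if (st.mode & 0o002) != 0
          reasons << "world-writable directory, sticky bit #{st.sticky? ? 'set' : 'not set'}"
        end
      end
    rescue SystemCallError
      # Missing or unreadable directory: nothing can be executed from it.
    end

    findings << Finding.new(index, entry, resolved, mode, reasons) unless reasons.empty?
  end
  findings
end

# Render a finding with the mode in the same octal form the Ruby warning uses.
def format_finding(finding)
  mode = finding.mode ? format('mode 0%o', finding.mode) : 'not a directory or missing'
  "PATH[#{finding.index}] #{finding.entry.inspect} -> #{finding.resolved} " \
    "(#{mode}): #{finding.reasons.join('; ')}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stand-in for /tmp: a scratch directory with mode 1777.
  Dir.mktmpdir do |root|
    scratch = File.join(root, 'scratch')
    Dir.mkdir(scratch)
    File.chmod(0o1777, scratch)
    audit_path(THREAD_PATH, scratch).each { |f| puts format_finding(f) }
  end
end
```

To check a live system, call `audit_path(ENV['PATH'], Dir.pwd)` from the directory and under the account (for example through sudo) that actually runs portupgrade, since both values can differ from the interactive shell.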
Re: Why does Samba requires 777 permissions on /tmp
You are not 'sure'. Please do not solicit help and claim that you know better-- I told you hours ago to remove . from your path. Chris On 20 May 2013 17:49, sindrome sindr...@gmail.com wrote: Fair enough but that's not the root of this problem I'm sure On Mon, May 20, 2013 at 11:47 AM, Torfinn Ingolfsen tin...@gmail.com wrote: On Mon, May 20, 2013 at 6:45 PM, sindrome sindr...@gmail.com wrote: Clearly I'm not the only one with this problem. Something is amending onto the PATH and I'd like to get to the bottom of this. I'm sure it will help a lot of people. Well, start by taking the current directory ('.') out of your PATH. (It is bad, for a number of reasons). HTH -- Regards, Torfinn Ingolfsen
Re: Why does Samba requires 777 permissions on /tmp
Apologies Chris. I removed it but am out of town so will have to test next week. I appreciate all your help. I'll let you know if that makes it go away. On Mon, May 20, 2013 at 1:04 PM, Chris Rees cr...@freebsd.org wrote: You are not 'sure'. Please do not solicit help and claim that you know better-- I told you hours ago to remove . from your path. Chris On 20 May 2013 17:49, sindrome sindr...@gmail.com wrote: Fair enough but that's not the root of this problem I'm sure On Mon, May 20, 2013 at 11:47 AM, Torfinn Ingolfsen tin...@gmail.com wrote: On Mon, May 20, 2013 at 6:45 PM, sindrome sindr...@gmail.com wrote: Clearly I'm not the only one with this problem. Something is amending onto the PATH and I'd like to get to the bottom of this. I'm sure it will help a lot of people. Well, start by taking the current directory ('.') out of your PATH. (It is bad, for a number of reasons). HTH -- Regards, Torfinn Ingolfsen
Re: Why does Samba requires 777 permissions on /tmp
Please let us know if it's still a problem and we can narrow it down further. :) Chris On 20 May 2013 20:20, sindrome sindr...@gmail.com wrote: Apologies Chris. I removed it but am out of town so will have to test next week. I appreciate all your help. I'll let you know if that makes it go away. On Mon, May 20, 2013 at 1:04 PM, Chris Rees cr...@freebsd.org wrote: You are not 'sure'. Please do not solicit help and claim that you know better-- I told you hours ago to remove . from your path. Chris On 20 May 2013 17:49, sindrome sindr...@gmail.com wrote: Fair enough but that's not the root of this problem I'm sure On Mon, May 20, 2013 at 11:47 AM, Torfinn Ingolfsen tin...@gmail.com wrote: On Mon, May 20, 2013 at 6:45 PM, sindrome sindr...@gmail.com wrote: Clearly I'm not the only one with this problem. Something is amending onto the PATH and I'd like to get to the bottom of this. I'm sure it will help a lot of people. Well, start by taking the current directory ('.') out of your PATH. (It is bad, for a number of reasons). HTH -- Regards, Torfinn Ingolfsen
Re: Why does Samba requires 777 permissions on /tmp
On 20/05/2013 15:38, Bob Eager wrote: On Mon, 20 May 2013 08:03:09 -0500 sindrome sindr...@gmail.com wrote: What I think is happening is that portupgrade is building and running shell scripts in /tmp. It's running them with (in ruby): system('/tmp/script') [roughly] The ruby runtime is checking the *path-to-the-command* and THAT is what it's complaining about. Try setting PKG_TMPDIR (in pkgtools.conf) to some suitable non world writable temporary directory. I have an older ports tree on this machine or I'd try it myself. I had to download the latest sources to check all this,

Trying to summarise what I've tested here with the results. My PKG_TMPDIR and TMPDIR are set to /var/tmp:

pkgtools.conf:
ENV['TMPDIR'] ||= '/var/tmp'
ENV['PKG_TMPDIR'] ||= '/var/tmp'
ENV['PORTSDIR'] ||= '/usr/ports'
ENV['PACKAGES'] ||= ENV['PORTSDIR'] + '/packages'

from /usr/local/etc/sudoers:
# Uncomment if needed to preserve environmental variables related to the
# FreeBSD pkg_* utilities and fetch.
Defaults env_keep += PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE

[simon@vmserver04 ~]$ ls -ld /var/tmp
drwxrwxr-t 9 root wheel 33280 May 20 23:02 /var/tmp/

Note: /var/tmp is not world writeable

[simon@vmserver04 ~]$ echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/usr/local/scripts:
root@vmserver04:/root # echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin

I run portupgrade via sudo but both $PATH's show no /tmp or .

[simon@vmserver04 ~]$ ruby -v
ruby 1.8.7 (2012-10-12 patchlevel 371) [amd64-freebsd9]

portupgrade-2.4.10.5_1,2 FreeBSD ports/packages administration and management tool s

Other (not likely) relevant stuff:
- I have /usr/ports mounted rw with NFS
- I have the packages directory mounted rw with NFS and amd then redefine $PACKAGES to point to the mount point

This has been working for several years with no issues

[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
--- Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-22:56:25 -L /var/tmp/portupgrade/%s::%s.log
--- Session started at: Mon, 20 May 2013 22:56:26 +0200
** None has been installed or upgraded.
--- Saving the results to '/var/tmp/portupgrade.results_20130520-22:56:25'
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

Still the complaint about /tmp/

[simon@vmserver04 ~]$ sudo chmod 1775 /tmp
[simon@vmserver04 ~]$ ls -ld /tmp
drwxrwxr-t 9 root wheel 1024 May 20 23:16 /tmp/
[simon@vmserver04 ~]$ sudo portupgrade -v portupgrade*
--- Reading default options: -v -D -l /var/tmp/portupgrade.results_20130520-23:16:07 -L /var/tmp/portupgrade/%s::%s.log
--- Session started at: Mon, 20 May 2013 23:16:07 +0200
** None has been installed or upgraded.
--- Saving the results to '/var/tmp/portupgrade.results_20130520-23:16:07'
--- Session ended at: Mon, 20 May 2013 23:16:08 +0200 (consumed 00:00:00)

No more complaint. I can't read the portupgrade code well enough to see what it's doing with the script, but if Bob is right that Ruby is running the portupgrade commands from /tmp then the error is within the checks in Ruby which is saying the 777 permission on /tmp is not acceptable, 775 *is* acceptable. Which is strange since surely then everyone with 777 permissions on /tmp would be seeing this message? Does this get us any further? Thanks for all the input, it is appreciated. Cheers Simon.
Re: Why does Samba requires 777 permissions on /tmp
On 19/05/2013 03:56, Erich Dollansky wrote: Your problem must be caused by something else. At least, I cannot remember to ever have seen /tmp with a different setting than 0777. I hope you mean 1777 (drwxrwxrwt) there. That sticky bit is important. Without it there are a number of nasty attack possibilities involving things like using a race condition and craftily modifying a sym-link to trick root into overwriting an important file. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey
Re: Why does Samba requires 777 permissions on /tmp
Hi, On Sun, 19 May 2013 07:06:46 +0100 Matthew Seaman matt...@freebsd.org wrote: On 19/05/2013 03:56, Erich Dollansky wrote: Your problem must be caused by something else. At least, I cannot remember to ever have seen /tmp with a different setting than 0777. I hope you mean 1777 (drwxrwxrwt) there. That sticky bit is I only wanted to note that it is octal. important. Without it there are a number of nasty attack possibilities involving things like using a race condition and craftily modifying a sym-link to trick root into overwriting an important file. I did not think of this at all when I have written my response. Of course, it has to be set and it is set on my machine. I was focusing only on the fact that all users of a system must be able to write to /tmp. Erich Cheers, Matthew
Re: Why does Samba requires 777 permissions on /tmp
On Sat, 18 May 2013 19:52:19 -0500 sindrome sindr...@gmail.com wrote: Thanks for that tip. I was hoping that was the root of it but upon looking at my path, I don't have /tmp in there. I used to have the sticky bit set on there. I just re-set it but portupgrade still keeps barking because it's world writable. It seems that the conflict is Samba needs it to be world writable and portupgrade hates it. I have /tmp set to 1777, I use portupgrade and samba and it works fine... Perhaps check the setting of PATH with 'env' just in case it's getting set somewhere else?
Re: Why does Samba requires 777 permissions on /tmp
On 19 May 2013 00:34, sindrome sindr...@gmail.com wrote: I just found myself troubleshooting an issue where my desktop machine couldn't login to my local samba server unless I have the /tmp directory permissions set to 777. I'd like to have it 775 not only for security reasons but also because portupgrade always barks when the tmp directory is set that way. Is there something that can be tweaked in smb.conf so that I can authenticate without that? This was in the logs which led me to the root of the problem. [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service) chdir (/tmp) failed Once I changed it back to 777 the machine trust was working again. It seems that I could set the TMPDIR environmental variable to another directory but that's the very same variable that portupgrade uses so it would still have the same issue. These are the warnings that portupgrade gives if I keep the permissions that way. /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777 /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp in PATH, mode 040777 /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp in PATH, mode 040777 Any thoughts on how I can make Samba not require 777 on /tmp? It is quite honestly an awful idea to have /tmp in your PATH. Remove it, and the complaints will stop. Consider an attacker dropping a load of executables into /tmp, perhaps called portupgrad. You tab-complete as root, and run that instead Chris
Re: Why does Samba requires 777 permissions on /tmp
I checked everywhere (in .cshrc etc..) as well as echo $PATH and /tmp is not in there. I'm not sure where it's picking up /tmp in the path On Sun, May 19, 2013 at 2:36 AM, Chris Rees utis...@gmail.com wrote: On 19 May 2013 00:34, sindrome sindr...@gmail.com wrote: I just found myself troubleshooting an issue where my desktop machine couldn't login to my local samba server unless I have the /tmp directory permissions set to 777. I'd like to have it 775 not only for security reasons but also because portupgrade always barks when the tmp directory is set that way. Is there something that can be tweaked in smb.conf so that I can authenticate without that? This was in the logs which led me to the root of the problem. [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service) chdir (/tmp) failed Once I changed it back to 777 the machine trust was working again. It seems that I could set the TMPDIR environmental variable to another directory but that's the very same variable that portupgrade uses so it would still have the same issue. These are the warnings that portupgrade gives if I keep the permissions that way. /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777 /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp in PATH, mode 040777 /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp in PATH, mode 040777 Any thoughts on how I can make Samba not require 777 on /tmp? It is quite honestly an awful idea to have /tmp in your PATH. Remove it, and the complaints will stop. Consider an attacker dropping a load of executables into /tmp, perhaps called portupgrad. You tab-complete as root, and run that instead Chris
Re: Why does Samba requires 777 permissions on /tmp
On Sun, 19 May 2013 09:57:52 -0500 sindrome articulated: I checked everywhere (in .cshrc etc..) as well as echo $PATH and /tmp is not in there. I'm not sure where it's picking up /tmp in the path Same here. I have no idea where it is getting tmp from. At least it doesn't appear to be causing any problems. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. Bershere's Formula for Failure: There are only two kinds of people who fail: those who listen to nobody ... and those who listen to everybody.
Re: Why does Samba requires 777 permissions on /tmp
On 19 May 2013 16:52, Jerry je...@seibercom.net wrote: On Sun, 19 May 2013 09:57:52 -0500 sindrome articulated: I checked everywhere (in .cshrc etc..) as well as echo $PATH and /tmp is not in there. I'm not sure where it's picking up /tmp in the path Same here. I have no idea where it is getting tmp from. At least it doesn't appear to be causing any problems. Is that with portupgrade too? Chris
Re: Why does Samba requires 777 permissions on /tmp
Chris, I'm not sure I understand your question. Portupgrade barks about the /tmp directory being world writable. I pasted the exact errors earlier in this thread. I looked in my path and can't find /tmp in there and can't figure how to get rid of ruby complaining unless I remove the writable permissions. When I do that my windows desktop can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH? On Sun, May 19, 2013 at 11:48 AM, Chris Rees utis...@gmail.com wrote: On 19 May 2013 16:52, Jerry je...@seibercom.net wrote: On Sun, 19 May 2013 09:57:52 -0500 sindrome articulated: I checked everywhere (in .cshrc etc..) as well as echo $PATH and /tmp is not in there. I'm not sure where it's picking up /tmp in the path Same here. I have no idea where it is getting tmp from. At least it doesn't appear to be causing any problems. Is that with portupgrade too? Chris
Re: Why does Samba requires 777 permissions on /tmp
On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote: I'm not sure I understand your question. Portupgrade barks about the /tmp directory being world writable. I pasted the exact errors earlier in this thread. I looked in my path and can't find /tmp in there and can't figure how to get rid of ruby complaining unless I remove the writable permissions. When I do that my windows desktop can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH? I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use: chmod 1777 /tmp it ought to all work.
Re: Why does Samba requires 777 permissions on /tmp
On Sun, 19 May 2013 13:34:49 -0500 sindrome articulated: On Sun, May 19, 2013 at 11:48 AM, Chris Rees utis...@gmail.com wrote: On 19 May 2013 16:52, Jerry je...@seibercom.net wrote: On Sun, 19 May 2013 09:57:52 -0500 sindrome articulated: I checked everywhere (in .cshrc etc..) as well as echo $PATH and /tmp is not in there. I'm not sure where it's picking up /tmp in the path Same here. I have no idea where it is getting tmp from. At least it doesn't appear to be causing any problems. Is that with portupgrade too? Chris, I'm not sure I understand your question. Portupgrade barks about the /tmp directory being world writable. I pasted the exact errors earlier in this thread. I looked in my path and can't find /tmp in there and can't figure how to get rid of ruby complaining unless I remove the writable permissions. When I do that my windows desktop can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH? If I am not mistaken, portupgrade only started with this BS about 6 months ago after it, itself was updated. It might be something hard coded by error into the program. I reported this once before to the port maintainer bdrew...@freebsd.org; however, I never received a response. Maybe I should file a PR against it. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Re: Why does Samba requires 777 permissions on /tmp
On Sun, 19 May 2013 19:56:39 +0100 Bob Eager articulated: On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote: I'm not sure I understand your question. Portupgrade barks about the /tmp directory being world writable. I pasted the exact errors earlier in this thread. I looked in my path and can't find /tmp in there and can't figure how to get rid of ruby complaining unless I remove the writable permissions. When I do that my windows desktop can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH? I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use: chmod 1777 /tmp it ought to all work. I have the directory chmod set to 1777 and I still receive the error. It has been set at that for over two years. This problem only started after a portupgrade several months ago. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Re: Why does Samba requires 777 permissions on /tmp
Jerry is right. I have it set to 1777 too and still receive the error On Sun, May 19, 2013 at 2:17 PM, Jerry je...@seibercom.net wrote: On Sun, 19 May 2013 19:56:39 +0100 Bob Eager articulated: On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote: I'm not sure I understand your question. Portupgrade barks about the /tmp directory being world writable. I pasted the exact errors earlier in this thread. I looked in my path and can't find /tmp in there and can't figure how to get rid of ruby complaining unless I remove the writable permissions. When I do that my windows desktop can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH? I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use: chmod 1777 /tmp it ought to all work. I have the directory chmod set to 1777 and I still receive the error. It has been set at that for over two years. This problem only started after a portupgrade several months ago. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Re: Why does Samba requires 777 permissions on /tmp
On 05/19/13 20:56, Bob Eager wrote:

> On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote:
> > can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH?
>
> I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use:
>
>     chmod 1777 /tmp
>
> it ought to all work.

Unfortunately it doesn't - for me at least! Here's the error I get from portupgrade on (all of) my FreeBSD boxes:

[simon@vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin
--- Session started at: Sun, 19 May 2013 21:11:25 +0200
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777

AFAIR this started around the time of the last Ruby update over a year ago, the change and subsequent rollback to making the default version of Ruby 1.9. I'm using 1.8.7 which I believe is still the FBSD default version. Is anyone seeing this issue using Ruby 1.9? I definitely do not have /tmp in my $PATH.

Cheers

Simon.
Re: Why does Samba requires 777 permissions on /tmp
I concur with Simon. That's exactly when it started for me.

On May 19, 2013, at 2:30 PM, Simon Wright simon.wri...@gmx.net wrote:

> On 05/19/13 20:56, Bob Eager wrote:
> > On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote:
> > > can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH?
> >
> > I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use:
> >
> >     chmod 1777 /tmp
> >
> > it ought to all work.
>
> Unfortunately it doesn't - for me at least! Here's the error I get from portupgrade on (all of) my FreeBSD boxes:
>
> [simon@vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin
> --- Session started at: Sun, 19 May 2013 21:11:25 +0200
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
>
> AFAIR this started around the time of the last Ruby update over a year ago, the change and subsequent rollback to making the default version of Ruby 1.9. I'm using 1.8.7 which I believe is still the FBSD default version. Is anyone seeing this issue using Ruby 1.9? I definitely do not have /tmp in my $PATH.
>
> Cheers
>
> Simon.
Re: Why does Samba requires 777 permissions on /tmp
On Sun, 19 May 2013 21:30:03 +0200 Simon Wright articulated:

> On 05/19/13 20:56, Bob Eager wrote:
> > On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote:
> > > can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH?
> >
> > I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use:
> >
> >     chmod 1777 /tmp
> >
> > it ought to all work.
>
> Unfortunately it doesn't - for me at least! Here's the error I get from portupgrade on (all of) my FreeBSD boxes:
>
> [simon@vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin
> --- Session started at: Sun, 19 May 2013 21:11:25 +0200
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
>
> AFAIR this started around the time of the last Ruby update over a year ago, the change and subsequent rollback to making the default version of Ruby 1.9. I'm using 1.8.7 which I believe is still the FBSD default version. Is anyone seeing this issue using Ruby 1.9? I definitely do not have /tmp in my $PATH.

Information for portupgrade-devel-20130313_1,3:

Depends on:
Dependency: libyaml-0.1.4_2
Dependency: openssl-1.0.1_8
Dependency: libffi-3.0.13
Dependency: libexecinfo-1.1_3
Dependency: ruby-1.9.3.392,1
Dependency: ruby19-date2-4.0.19
Dependency: db48-4.8.30.0
Dependency: ruby19-bdb-0.6.6_1

And yes, I have the same error message.

--
Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Re: Why does Samba requires 777 permissions on /tmp
On Sun, 19 May 2013 21:30:03 +0200 Simon Wright simon.wri...@gmx.net wrote:

> On 05/19/13 20:56, Bob Eager wrote:
> > On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote:
> > > can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH?
> >
> > I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use:
> >
> >     chmod 1777 /tmp
> >
> > it ought to all work.
>
> Unfortunately it doesn't - for me at least! Here's the error I get from portupgrade on (all of) my FreeBSD boxes:
>
> [simon@vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin
> --- Session started at: Sun, 19 May 2013 21:11:25 +0200
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
>
> AFAIR this started around the time of the last Ruby update over a year ago, the change and subsequent rollback to making the default version of Ruby 1.9. I'm using 1.8.7 which I believe is still the FBSD default version. Is anyone seeing this issue using Ruby 1.9? I definitely do not have /tmp in my $PATH.

As I said, that may not be the explicit problem. The message does seem to be from the ruby runtime.
Re: Why does Samba requires 777 permissions on /tmp
From the original post that started this thread, I noticed that the error from portupgrade/ruby was showing the permissions that it didn't like as mode 040777 (octal). This is definitely with the sticky bit turned OFF. It should be 041777.

'stat -r /tmp' will print the permissions in octal rather than the '..rwx...' from ls -l; the permissions is the third group of numbers.

Jimmy

On Sun, May 19, 2013 at 03:12:08PM -0500, sindrome wrote:

> Jerry is right. I have it set to 1777 too and still receive the error
>
> On Sun, May 19, 2013 at 2:17 PM, Jerry je...@seibercom.net wrote:
> > On Sun, 19 May 2013 19:56:39 +0100 Bob Eager articulated:
> > > On Sun, 19 May 2013 13:34:49 -0500 sindrome sindr...@gmail.com wrote:
> > > > I'm not sure I understand your question. Portupgrade barks about the /tmp directory being world writable. I pasted the exact errors earlier in this thread. I looked in my path and can't find /tmp in there and can't figure how to get rid of ruby complaining unless I remove the writable permissions. When I do that my windows desktop can't authenticate to my samba server. There has to be a root of this problem to make them both work. Is there some other place portupgrade is having /tmp amended on without it being in my $PATH?
> > >
> > > I went back and had a closer look at your error message. What I hadn't done (and neither had you, prior to that) was read and fully digest the error message. portupgrade is calling its 'system()' function to run a command. The Ruby runtime does a sanity check to make sure that the directories in the path are secure...and /tmp isn't. I suspect that portupgrade puts temporary scripts into /tmp, then executes them; this implies that it's probably chdir'ing to /tmp, then having '.' in the path, or even just adding /tmp to the path, although I don't think so. Anyway, what's insecure is that you don't have the sticky bit set. If you use:
> > >
> > >     chmod 1777 /tmp
> > >
> > > it ought to all work.
> >
> > I have the directory chmod set to 1777 and I still receive the error. It has been set at that for over two years. This problem only started after a portupgrade several months ago.
> >
> > --
> > Jerry ♔
> > Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Re: Why does Samba requires 777 permissions on /tmp
On Sun, 19 May 2013 15:59:12 -0500 Jimmy ljboi...@gmail.com wrote:

> From the original post that started this thread, I noticed that the error from portupgrade/ruby was showing the permissions that it didn't like as mode 040777 (octal). This is definitely with the sticky bit turned OFF. It should be 041777.
>
> 'stat -r /tmp' will print the permissions in octal rather than the '..rwx...' from ls -l; the permissions is the third group of numbers.

Well, that's true. And it is a security risk not to have the sticky bit on /tmp.

Of course (for the avoidance of confusion) the 04 bit can't be changed, being the 'directory' bit.
Re: Why does Samba requires 777 permissions on /tmp
You can see the sticky bit is indeed set and I'm still getting these errors:

stat -r /tmp
90 7418880 041777 3 0 0 29641368 512 1368950908 1369024120 1369024120 1130953852 16384 4 0 /tmp

/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/. in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp/. in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp/. in PATH, mode 041777
/usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/. in PATH, mode 041777

On Sun, May 19, 2013 at 4:22 PM, Bob Eager r...@tavi.co.uk wrote:

> On Sun, 19 May 2013 15:59:12 -0500 Jimmy ljboi...@gmail.com wrote:
> > From the original post that started this thread, I noticed that the error from portupgrade/ruby was showing the permissions that it didn't like as mode 040777 (octal). This is definitely with the sticky bit turned OFF. It should be 041777.
> >
> > 'stat -r /tmp' will print the permissions in octal rather than the '..rwx...' from ls -l; the permissions is the third group of numbers.
>
> Well, that's true. And it is a security risk not to have the sticky bit on /tmp.
>
> Of course (for the avoidance of confusion) the 04 bit can't be changed, being the 'directory' bit.
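The mode bits discussed in the messages above (the "04" directory bit, the sticky "1", and world-write), decoded in Ruby and applied to each PATH entry; this is an added example, not part of the thread and not portupgrade's or Ruby's own code. `decode_mode` and `audit_path` are hypothetical names, an empty entry or `.` is resolved against the supplied working directory, and an entry is flagged on world-write alone because the warnings quoted in the thread appear at mode 041777 as well as 040777.

```ruby
require 'tmpdir'

# st_mode bit masks (standard POSIX values, in octal as quoted in the thread).
S_IFMT  = 0o170000 # file-type mask
S_IFDIR = 0o040000 # the leading "04" of 040777 / 041777: entry is a directory
S_ISVTX = 0o001000 # sticky bit, the "1" in 1777
S_IWOTH = 0o000002 # writable by "other"

# Split a raw st_mode (third field of `stat -r`) into the bits under discussion.
def decode_mode(mode)
  {
    octal: format('%06o', mode),
    directory: (mode & S_IFMT) == S_IFDIR,
    sticky: (mode & S_ISVTX) != 0,
    world_writable: (mode & S_IWOTH) != 0
  }
end

# Audit every entry of a PATH string. An empty entry (leading, trailing or
# doubled colon) and "." both mean "current directory", so they are resolved
# against cwd; that is how a process sitting in /tmp ends up searching /tmp.
def audit_path(path_string, cwd = Dir.pwd)
  path_string.split(File::PATH_SEPARATOR, -1).map do |entry|
    resolved = File.expand_path(entry.empty? ? '.' : entry, cwd)
    report = { entry: entry, resolved: resolved,
               relative: !entry.start_with?('/') }
    begin
      bits = decode_mode(File.stat(resolved).mode)
      # Flag on world-write alone: the thread's warnings fire at 041777 too.
      report.merge(bits).merge(missing: false,
                               flagged: bits[:directory] && bits[:world_writable])
    rescue SystemCallError
      report.merge(missing: true, flagged: false)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: a 1777 directory stands in for /tmp as the working
  # directory, and the PATH carries both "." and a trailing colon.
  Dir.mktmpdir do |base|
    shared = File.join(base, 'shared')
    Dir.mkdir(shared)
    File.chmod(0o1777, shared)
    audit_path("/usr/bin:.:", shared).each do |r|
      state = r[:missing] ? 'missing' : "mode #{r[:octal]}"
      puts format('%-8s %-7s %s (%s)', r[:entry].inspect,
                  r[:flagged] ? 'FLAGGED' : 'ok', r[:resolved], state)
    end
  end
end
```

Running `audit_path(ENV.fetch('PATH', ''), '/tmp')` on an affected host shows which entries resolve into /tmp when the calling process has changed directory there.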
Re: Why does Samba requires 777 permissions on /tmp
Hi,

On Sun, 19 May 2013 23:31:21 -0500 sindrome sindr...@gmail.com wrote:

> You can see the sticky bit is indeed set and I'm still getting these errors:

you must first realise that this is not an error but a warning

> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp/. in PATH, mode 041777

Could it be that we all got this message but did not bother because we get so many warnings during an upgrade?

Erich
Re: Why does Samba requires 777 permissions on /tmp
On Sat, 18 May 2013 18:34:47 -0500 sindrome sindr...@gmail.com wrote:

> I just found myself troubleshooting an issue where my desktop machine couldn't login to my local samba server unless I have the /tmp directory permissions set to 777. I'd like to have it 775 not only for security reasons but also because portupgrade always barks when the tmp directory is set that way. Is there something that can be tweaked in smb.conf so that I can authenticate without that? This was in the logs which led me to the root of the problem.
>
> [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service)
>   chdir (/tmp) failed
>
> Once I changed it back to 777 the machine trust was working again. It seems that I could set the TMPDIR environmental variable to another directory but that's the very same variable that portupgrade uses so it would still have the same issue. These are the warnings that portupgrade gives if I keep the permissions that way.
>
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp in PATH, mode 040777
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp in PATH, mode 040777
>
> Any thoughts on how I can make Samba not require 777 on /tmp?

The correct mode for /tmp is probably 1777 anyway. That allows anyone to create files there, but only they can manipulate them. See sticky(7).

The implication of the error messages from portupgrade is that /tmp is in your PATH, which is pretty unusual. Check your .profile, login, .cshrc etc. and remove /tmp from any path settings. This is indeed a security risk!

Do that, portupgrade will stop complaining, and the correct 1777 (or 777) setting will keep samba happy.
Re: Why does Samba requires 777 permissions on /tmp
Thanks for that tip. I was hoping that was the root of it but upon looking at my path, I don't have /tmp in there. I used to have the sticky bit set on there. I just re-set it but portupgrade still keeps barking because it's world writable. It seems that the conflict is Samba needs it to be world writable and portupgrade hates it.

On Sat, May 18, 2013 at 6:46 PM, Bob Eager r...@tavi.co.uk wrote:

> On Sat, 18 May 2013 18:34:47 -0500 sindrome sindr...@gmail.com wrote:
> > I just found myself troubleshooting an issue where my desktop machine couldn't login to my local samba server unless I have the /tmp directory permissions set to 777. I'd like to have it 775 not only for security reasons but also because portupgrade always barks when the tmp directory is set that way. Is there something that can be tweaked in smb.conf so that I can authenticate without that? This was in the logs which led me to the root of the problem.
> >
> > [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service)
> >   chdir (/tmp) failed
> >
> > Once I changed it back to 777 the machine trust was working again. It seems that I could set the TMPDIR environmental variable to another directory but that's the very same variable that portupgrade uses so it would still have the same issue. These are the warnings that portupgrade gives if I keep the permissions that way.
> >
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp in PATH, mode 040777
> > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp in PATH, mode 040777
> >
> > Any thoughts on how I can make Samba not require 777 on /tmp?
>
> The correct mode for /tmp is probably 1777 anyway. That allows anyone to create files there, but only they can manipulate them. See sticky(7).
>
> The implication of the error messages from portupgrade is that /tmp is in your PATH, which is pretty unusual. Check your .profile, login, .cshrc etc. and remove /tmp from any path settings. This is indeed a security risk!
>
> Do that, portupgrade will stop complaining, and the correct 1777 (or 777) setting will keep samba happy.
Re: Why does Samba requires 777 permissions on /tmp
Hi,

On Sat, 18 May 2013 19:52:19 -0500 sindrome sindr...@gmail.com wrote:

> Thanks for that tip. I was hoping that was the root of it but upon looking at my path, I don't have /tmp in there. I used to have the sticky bit set on there. I just re-set it but portupgrade still keeps barking because it's world writable. It seems that the conflict is Samba needs it to be world writable and portupgrade hates it.

this is all really weird. /tmp is meant to be written by everyone on the machine. The elements inside /tmp can then have any other settings.

Your problem must be caused by something else. At least, I cannot remember ever having seen /tmp with a different setting than 0777.

Erich

> On Sat, May 18, 2013 at 6:46 PM, Bob Eager r...@tavi.co.uk wrote:
> > On Sat, 18 May 2013 18:34:47 -0500 sindrome sindr...@gmail.com wrote:
> > > I just found myself troubleshooting an issue where my desktop machine couldn't login to my local samba server unless I have the /tmp directory permissions set to 777. I'd like to have it 775 not only for security reasons but also because portupgrade always barks when the tmp directory is set that way. Is there something that can be tweaked in smb.conf so that I can authenticate without that? This was in the logs which led me to the root of the problem.
> > >
> > > [2013/05/18 13:31:01, 0] smbd/service.c:191(set_current_service)
> > >   chdir (/tmp) failed
> > >
> > > Once I changed it back to 777 the machine trust was working again. It seems that I could set the TMPDIR environmental variable to another directory but that's the very same variable that portupgrade uses so it would still have the same issue. These are the warnings that portupgrade gives if I keep the permissions that way.
> > >
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:483: warning: Insecure world writable dir /tmp in PATH, mode 040777
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:1170: warning: Insecure world writable dir /tmp in PATH, mode 040777
> > > /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgmisc.rb:108: warning: Insecure world writable dir /tmp in PATH, mode 040777
> > >
> > > Any thoughts on how I can make Samba not require 777 on /tmp?
> >
> > The correct mode for /tmp is probably 1777 anyway. That allows anyone to create files there, but only they can manipulate them. See sticky(7).
> >
> > The implication of the error messages from portupgrade is that /tmp is in your PATH, which is pretty unusual. Check your .profile, login, .cshrc etc. and remove /tmp from any path settings. This is indeed a security risk!
> >
> > Do that, portupgrade will stop complaining, and the correct 1777 (or 777) setting will keep samba happy.