Why does Samba requires 777 permissions on /tmp
Sindrome
sindrome at gmail.com
Sun May 19 20:37:28 UTC 2013
I concur with Simon. That's exactly when it started for me.
On May 19, 2013, at 2:30 PM, Simon Wright <simon.wright at gmx.net> wrote:
> On 05/19/13 20:56, Bob Eager wrote:
>> On Sun, 19 May 2013 13:34:49 -0500
>> sindrome <sindrome at gmail.com> wrote:
>>
>>> can't authenticate to my samba server. There has to be a root of
>>> this problem to make them both work. Is there some other place
>>> portupgrade is having /tmp amended on without it being in my $PATH?
>>
>> I went back and had a closer look at your error message. What I hadn't
>> done (and neither had you, prior to that) was read and fully digest the
>> error message.
>>
>> portupgrade is calling its 'system()' function to run a command. The
>> Ruby runtime does a sanity check to make sure that the directories in
>> the path are secure...and /tmp isn't. I suspect that portupgrade puts
>> temporary scripts into /tmp, then executes them; this implies that it's
>> probably chdir'ing to /tmp, then haveing '.' in thge path, or even just
>> adding /tmp to the path, although I don't think so.
>>
>> Anyway, what's insecure is that you don't have the sticky bit set. If
>> you use:
>>
>> chmod 1777 /tmp
>>
>> it ought to all work.
>
> Unfortunately it doesn't - for me at least! Here's the error I get from portupgrade on (all of) my FreeBSD boxes:
>
> [simon at vmserver02 ~]$ sudo portupgrade -pP sysutils/webmin
> ---> Session started at: Sun, 19 May 2013 21:11:25 +0200
> /usr/local/lib/ruby/site_ruby/1.8/pkgtools/pkgtools.rb:288: warning: Insecure world writable dir /tmp/ in PATH, mode 041777
>
> AFAIR this started around the time of the last Ruby update over a year ago, the change and subsequent rollback to making the default version of Ruby 1.9. I'm using 1.8.7 which I believe is still the FBSD default version. Is anyone seeing this issue using Ruby 1.9?
>
> I definitely do not have /tmp in my $PATH.
>
> Cheers
>
> Simon.
>
More information about the freebsd-ports
mailing list