Re: sata/ata device permission for user
On 2013-04-15 07:49, Beeblebrox wrote:
> EDIT: I had already placed in /etc/devfs.conf this entry some time ago:
>
>     # Allow members of group operator to mount cdrom
>     own     /dev/cd0        root:operator
>     perm    /dev/cd0        0660
>
> Not allowing mount despite all of these adjustments (being tested with data cd and NOT audio cd), which is what I am unable to figure out.

The user also needs access to the corresponding pass device which is shown by camcontrol devlist. He also needs access to /dev/xpt0 I think.
sata/ata device permission for user
> The user also needs access to the corresponding pass device which is shown by camcontrol devlist. He also needs access to /dev/xpt0 I think.

    HL-DT-ST DVDRAM GSA-4165B DL05 at scbus6 target 0 lun 0 (cd0,pass3)

    crw-------  1 root  operator  0x48 Apr 18 07:08 pass0
    crw-------  1 root  operator  0x49 Apr 18 07:08 pass1
    crw-------  1 root  operator  0x4a Apr 18 07:08 pass2
    crw-------  1 root  operator  0x4b Apr 18 07:08 pass3
    crw-------  1 root  operator  0x42 Apr 18 07:08 xpt0

User is member of operator group. However, I agree with your idea because just now I was working with cdrtools and got this error, but when I ran as root no error:

    % cdda2wav summary --device /dev/cd0
    cdda2wav: Permission denied. Open of /dev/xpt0 failed. Cannot open or use SCSI driver.
    cdda2wav: For possible targets try 'cdda2wav -scanbus'. Make sure you are root.
    Probably you did not define your SCSI device.
    Set the CDDA_DEVICE environment variable or use the -D option.

Regards.

- 10-Current-amd64-using ccache-portstree merged with marcuscom.gnome3 xorg.devel

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sata/ata device permission for user
On Thu, 18 Apr 2013 00:32:09 -0700 (PDT), Beeblebrox wrote:
> > The user also needs access to the corresponding pass device which is shown by camcontrol devlist. He also needs access to /dev/xpt0 I think.

Correct, that matches my settings. :-)

>     HL-DT-ST DVDRAM GSA-4165B DL05 at scbus6 target 0 lun 0 (cd0,pass3)
>
>     crw-------  1 root  operator  0x48 Apr 18 07:08 pass0
>     crw-------  1 root  operator  0x49 Apr 18 07:08 pass1
>     crw-------  1 root  operator  0x4a Apr 18 07:08 pass2
>     crw-------  1 root  operator  0x4b Apr 18 07:08 pass3
>     crw-------  1 root  operator  0x42 Apr 18 07:08 xpt0
>
> User is member of operator group.

But the group permissions are --- (none).

> However, I agree with your idea because just now I was working with cdrtools and got this error, but when I ran as root no error:
>
>     % cdda2wav summary --device /dev/cd0
>     cdda2wav: Permission denied. Open of /dev/xpt0 failed. Cannot open or use SCSI driver.
>     cdda2wav: For possible targets try 'cdda2wav -scanbus'. Make sure you are root.
>     Probably you did not define your SCSI device.
>     Set the CDDA_DEVICE environment variable or use the -D option.

You should be able to see something like this:

    % cdda2wav summary --device /dev/cd0
    No target specified, trying to find one...
    cdda2wav: Too many CD/DVD/BD-Recorder targets found.
    scsibus0:
        0,0,0   0) 'HL-DT-ST' 'DVDRAM GSA-H42N ' 'RL00' Removable CD-ROM
        0,1,0   1) 'HL-DT-ST' 'DVD-ROM GDR8163B' '0L30' Removable CD-ROM
        0,2,0   2) *
        0,3,0   3) *
        0,4,0   4) *
        0,5,0   5) *
        0,6,0   6) *
        0,7,0   7) *
    cdda2wav: Select a target from the list above and use 'cdda2wav dev=b,t,l'.

As it has been mentioned, access to xpt is also required. It should be fine to set this via group permissions. This is an example of possible settings:

    link    cd0     dvd
    own     cd0     root:operator
    perm    cd0     0660
    own     cd1     root:operator
    perm    cd1     0660
    own     pass0   root:operator
    perm    pass0   0660
    own     pass1   root:operator
    perm    pass1   0660
    own     xpt0    root:operator
    perm    xpt0    0660

See man xpt for details.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
sata/ata device permission for user
> But the group permissions are --- (none).

D'oh! Well, that made a difference and I can query the cd0 device with cdda2wav as my user now. I still can't mount a data CD however.

- 10-Current-amd64-using ccache-portstree merged with marcuscom.gnome3 xorg.devel
Re: sata/ata device permission for user
On Thu, Apr 18, 2013 at 03:41:11AM -0700, Beeblebrox typed:
> > But the group permissions are --- (none).
>
> D'oh! Well, that made a difference and I can query the cd0 device with cdda2wav as my user now. I still can't mount a data CD however.

What's the output of:

    sysctl vfs.usermount

??

--
Ruben
Re: sata/ata device permission for user
> What's the output of: sysctl vfs.usermount

    vfs.usermount: 1

I can mount USB devices...

- 10-Current-amd64-using ccache-portstree merged with marcuscom.gnome3 xorg.devel
Re: sata/ata device permission for user
On Thu, 18 Apr 2013 03:41:11 -0700 (PDT), Beeblebrox wrote:
> > But the group permissions are --- (none).
>
> D'oh! Well, that made a difference and I can query the cd0 device with cdda2wav as my user now. I still can't mount a data CD however.

You need write access to the cd, pass and xpt devices. You also need to _own_ the mount target directory. If you try something temporary within your home directory, it should always work:

    % cd
    % mkdir mnttest
    % mount -o ro -t cd9660 /dev/cd0 mnttest

If you intend to mount below /media or into /cdrom or /dvd, you need to set the proper owner. If you are using X with the GiveConsole and TakeConsole script. Then you can do things like this:

    % mount /media/dvd

given that all the other information is preprogrammed in /etc/fstab.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
sata/ata device permission for user
My user is unable to mount cdrom and cannot use qemu for the HDD devices. Why is access to these devices being refused for my user?

1.  % mount_cd9660 /dev/cd0 /cdrom
    mount_cd9660: /dev/cd0: Operation not permitted

2.  % qemu-system-x86_64 -hda /dev/ada2
    qemu-system-x86_64: -hda /dev/ada2: could not open disk image /dev/ada2: Operation not permitted

*SETTINGS:*

    % id = uid=1001(xyz) gid=0(wheel) groups=0(wheel),5(operator),1001(xyz)

/etc/devfs.rules has:

    [localrules=10]
    add path 'ada[0-9]*' mode 0660 group operator
    add path 'da[0-9]*' mode 0660 group operator
    add path 'cd[0-9]*' mode 0660 group operator

/etc/rc.conf has:

    devfs_system_ruleset=localrules

Regards.

- 10-Current-amd64-using ccache-portstree merged with marcuscom.gnome3 xorg.devel
Re: sata/ata device permission for user
On Sun, 14 Apr 2013 01:11:38 -0700 (PDT), Beeblebrox wrote:
> My user is unable to mount cdrom and cannot use qemu for the HDD devices. Why is access to these devices being refused for my user?

Because there have to be certain permissions in order to allow a non-root user perform such tasks:

1. The setting vfs.usermount=1 has to be present in /etc/sysctl.conf .
2. The user must have write access to the device file.
3. The user has to own the mount directory.

It helps if the user is in the wheel group.

> 1.  % mount_cd9660 /dev/cd0 /cdrom
>     mount_cd9660: /dev/cd0: Operation not permitted

Check permissions of /dev/cd0 and /cdrom.

> 2.  % qemu-system-x86_64 -hda /dev/ada2
>     qemu-system-x86_64: -hda /dev/ada2: could not open disk image /dev/ada2: Operation not permitted

Check permissions of /dev/ada2, maybe write permission is needed?

> *SETTINGS:*
>
>     % id = uid=1001(xyz) gid=0(wheel) groups=0(wheel),5(operator),1001(xyz)
>
> /etc/devfs.rules has:
>
>     [localrules=10]
>     add path 'ada[0-9]*' mode 0660 group operator
>     add path 'da[0-9]*' mode 0660 group operator
>     add path 'cd[0-9]*' mode 0660 group operator
>
> /etc/rc.conf has:
>
>     devfs_system_ruleset=localrules

Looks correct, but doesn't seem to be sufficient. But take into mind that /etc/devfs.rules is used for dynamically allocated devices, and /etc/devfs.conf for those present at boot time (usually cd, maybe also da and ada depending on your setup).

Also see:
http://forums.freebsd.org/showthread.php?t=5796

Compare to Handbook 19.5.2:
http://www.freebsd.org/doc/en/books/handbook/usb-disks.html

Maybe also helpful:
http://www.cyberciti.biz/faq/freebsd-allow-ordinary-users-mount-cd-rom-dvds-usb-removabledevice/

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
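The device-node part of the checks discussed in this thread (group write access on the cd device, on the pass device that camcontrol devlist pairs with it, and on xpt0) can be audited with a short script. This is an added example, not part of any message in the thread: the function names are hypothetical, and the sample listings are constructed from the output quoted in the thread, with a cd0 line added.

```shell
#!/bin/sh
# Added example: report which CAM device nodes behind an optical drive a
# group cannot open read/write, and print devfs.conf lines that grant it.
# DEVLIST and LS_DEV are constructed samples; on a live system they would
# come from `camcontrol devlist` and `ls -l /dev`.

DEVLIST='<HL-DT-ST DVDRAM GSA-4165B DL05> at scbus6 target 0 lun 0 (cd0,pass3)'
LS_DEV='crw-rw----  1 root  operator  0x57 Apr 18 07:08 cd0
crw-------  1 root  operator  0x48 Apr 18 07:08 pass0
crw-------  1 root  operator  0x4b Apr 18 07:08 pass3
crw-------  1 root  operator  0x42 Apr 18 07:08 xpt0'

# pass_for_dev DEV: print the passN node listed next to DEV in DEVLIST.
# The peripheral pair may appear as (cd0,pass3) or (pass3,cd0).
pass_for_dev() {
    printf '%s\n' "$DEVLIST" | awk -v dev="$1" '
        {
            s = $NF; gsub(/[()]/, "", s)
            n = split(s, p, ",")
            found = 0; pass = ""
            for (i = 1; i <= n; i++) {
                if (p[i] == dev) found = 1
                if (p[i] ~ /^pass[0-9]+$/) pass = p[i]
            }
            if (found && pass != "") { print pass; exit }
        }'
}

# node_ok NODE GROUP: succeed only if NODE is listed, belongs to GROUP and
# its mode string grants the group both read and write (characters 5-6).
node_ok() {
    printf '%s\n' "$LS_DEV" | awk -v node="$1" -v grp="$2" '
        $NF == node { seen = 1; ok = ($4 == grp && substr($1, 5, 2) == "rw") }
        END { exit !(seen && ok) }'
}

# missing_access DEV GROUP: print the nodes among DEV, its pass device and
# xpt0 that GROUP cannot open read/write, separated by spaces.
missing_access() {
    dev=$1 grp=$2 out=""
    pass=$(pass_for_dev "$dev")
    for node in "$dev" $pass xpt0; do
        node_ok "$node" "$grp" || out="$out${out:+ }$node"
    done
    printf '%s\n' "$out"
}

# devfs_conf_fix DEV GROUP: print own/perm pairs for /etc/devfs.conf that
# would give GROUP mode 0660 on every node reported by missing_access.
devfs_conf_fix() {
    for node in $(missing_access "$1" "$2"); do
        printf 'own\t%s\troot:%s\nperm\t%s\t0660\n' "$node" "$2" "$node"
    done
}

devfs_conf_fix cd0 operator
```

The remaining conditions listed in the thread, vfs.usermount=1 and ownership of the mount directory, are not covered by this script.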
sata/ata device permission for user
Hello,

1. Neglected to specify that vfs.usermount=1 is set in /etc/sysctl.conf. My user can mount USB drives.
2. Settings in /etc/devfs.rules is being passed to system correctly because ownership is correct:

       crw-rw----  1 root  operator  0x57 Apr 15 09:46 /dev/cd0

3. File permissions for /cdrom is

       root operator 2 Mar 3 2011 cdrom/

   I had also tried mounting on a folder with 1777 permission before posting.

Otherwise, * I had solved the qemu problem, it was a small oversight.

> It helps if the user is in the wheel group.

Membership in operator should be sufficient...

> Looks correct, but doesn't seem to be sufficient. /etc/devfs.rules is used for dynamically allocated devices and /etc/devfs.conf for those present at boot time.

As far as I understand, you can set rules for any device in devfs.rules, but not vice-versa. But I should also try with devfs.conf just to make sure...

Regards.

- 10-Current-amd64-using ccache-portstree merged with marcuscom.gnome3 xorg.devel
sata/ata device permission for user
EDIT: I had already placed in /etc/devfs.conf this entry some time ago:

    # Allow members of group operator to mount cdrom
    own     /dev/cd0        root:operator
    perm    /dev/cd0        0660

Not allowing mount despite all of these adjustments (being tested with data cd and NOT audio cd), which is what I am unable to figure out.

- 10-Current-amd64-using ccache-portstree merged with marcuscom.gnome3 xorg.devel
Occasional permission denied in the middle of a large transfer over NFS
I seem to have run into the problems described in this old thread.
http://lists.freebsd.org/pipermail/freebsd-questions/2004-April/044927.html

tl:dr mountd may give incorrect permission denied errors when it is refreshing the exports list, /sbin/mount has code that sends SIGHUP to mountd on any mount operation. Which implies that any manual mount request, including NFS mounts would cause the problem.

Does anyone know if this is still the case with the new NFS server?

thanks,
Vince
Re: file permission template
> I need a sort of file permission template. Under some particular directory (like ~/secret), I need all those files (including newly creating one) mode 700. Is there any template-trick? Or chmod -R 700 every time?

umask when creating files there.
Re: file permission template
> Thanks. But I need specific directory only. umask way seems to set mode not only under ~/secret but other directories like ~/public. Is there any elegant way?

elegant way is just to chmod 700 ~/secret and do not do anything more, as files under ~/secret are already inaccessible too for others and group.
file permission template
I need a sort of file permission template. Under some particular directory (like ~/secret), I need all those files (including newly creating one) mode 700. Is there any template-trick? Or chmod -R 700 every time?
Re: file permission template
man sh (or man csh) - look for 'umask'

On Sat, May 12, 2012 at 7:37 AM, fake fake four.troublesome.he...@gmail.com wrote:
> I need a sort of file permission template. Under some particular directory (like ~/secret), I need all those files (including newly creating one) mode 700. Is there any template-trick? Or chmod -R 700 every time?
Re: file permission template
Thanks. But I need specific directory only. umask way seems to set mode not only under ~/secret but other directories like ~/public. Is there any elegant way?

2012/5/12 Michael Sierchio ku...@tenebras.com:
> man sh (or man csh) - look for 'umask'
>
> On Sat, May 12, 2012 at 7:37 AM, fake fake four.troublesome.he...@gmail.com wrote:
> > I need a sort of file permission template. Under some particular directory (like ~/secret), I need all those files (including newly creating one) mode 700. Is there any template-trick? Or chmod -R 700 every time?
Re: file permission template
On Sat, 12 May 2012 23:37:00 +0900, fake fake wrote:
> I need a sort of file permission template. Under some particular directory (like ~/secret), I need all those files (including newly creating one) mode 700. Is there any template-trick? Or chmod -R 700 every time?

Depending on your shell, there is a umask command that can be used as a template. For example, if you're using the default dialog shell csh, put the required umask value into ~/.cshrc. Note that this will cause _all_ file creations by that user to have that predefined value.

See man csh for details. (In case you're using bash or a different shell, consult the respective documentation.)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: file permission template
On Sun, 13 May 2012 00:15:54 +0900, fake fake wrote:
> Thanks. But I need specific directory only. umask way seems to set mode not only under ~/secret but other directories like ~/public.

You're sure you want to have something _public_ in your home directory?

> Is there any elegant way?

Depends on how the files are created. A possibility is to set umask prior to creating files, and resetting it to its previous value when being done. If files are created automatically, this could be done by a shell script. Such a script could also be used to copy to secure directory, performing the cp and the chmod step.

However, is there any problem _for your particular case_ that setting secret/ to rwx/-/- only, and leaving the files inside with the default umask rw/r/r?

Maybe there really is a more elegant way.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
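The script approach suggested above (set umask only around the copy, then do the cp and chmod steps) as an added example that is not part of the thread. The names secure_cp, mode_of and demo are hypothetical; the function body runs in a subshell so the umask change never reaches the caller, and the explicit chmod covers destination files that already existed with a looser mode.

```shell
#!/bin/sh
# Added example: copy files into a private directory without changing the
# caller's umask. All names here are hypothetical.

# secure_cp DIR FILE...: copy each FILE into DIR with no group/other access.
# The parentheses make the body a subshell, so umask 077 applies only here.
secure_cp() (
    umask 077
    dir=$1; shift
    # Create the directory if needed and make sure it is owner-only.
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    for f in "$@"; do
        dest="$dir/$(basename "$f")"
        cp "$f" "$dest" || exit 1
        # cp keeps the old mode when the destination already exists, so the
        # umask alone is not enough; strip group/other bits explicitly.
        chmod go-rwx "$dest" || exit 1
    done
)

# mode_of PATH: print the ten-character mode string from ls -ld.
mode_of() { ls -ld "$1" | cut -c1-10; }

# demo: build a constructed scratch tree, run secure_cp, and print the
# resulting modes followed by the caller's umask after the call.
demo() {
    t=$(mktemp -d) || return 1
    old=$(umask); umask 022
    mkdir "$t/src" "$t/secret"                  # secret/ starts as 755
    echo data > "$t/src/report"                 # source file, mode 644
    echo '#!/bin/sh' > "$t/src/tool"; chmod 755 "$t/src/tool"
    echo stale > "$t/secret/report"             # existing destination, 644
    secure_cp "$t/secret" "$t/src/report" "$t/src/tool"
    echo "$(mode_of "$t/secret") $(mode_of "$t/secret/report")" \
         "$(mode_of "$t/secret/tool") $(umask)"
    umask "$old"; rm -rf "$t"
}

demo
```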
Re: file permission template
> I need a sort of file permission template. Under some particular directory (like ~/secret), I need all those files (including newly creating one) mode 700. Is there any template-trick? Or chmod -R 700 every time?

As usual, 'insufficient data'.

created 'by whom', and 'how'?

some starting points:
  a) 'man umask'.
  b) 'man 2 chmod',
  c) see also how the 'setuid' bit works on directories

note if '~/secret' is mode 700, no one other than the owner can list the files in it (or any subdirectory), nor can they use it in a path name.

Is this sufficient? If not, exactly _what_ are you trying to accomplish?
Re: chrooted ssh user and /dev/tty permission denied
You'll never silence the voice of the voiceless, Ibrahim!

2011/01/20 11:06:30 +0200 Ibrahim Harrani ibrahim.harr...@gmail.com = To freebsd-questions@freebsd.org :
IH> cannot open /dev/tty: permission denied message.

This sounds as a problem of standard handles permissions to me. I'm not experienced in C library to qualify it more exactly.

I use such a hack against this, depending on the situation:

1. -t parameter for your ssh client
2. /usr/bin/script -qt0 /dev/null before your ssh command

or sometimes both of them. Sometimes some of those hack leads to higher CPU consumption, so I omit the one.

IH> crw--w----  1 root  tty  0, 88 Jan 20 11:02 /dev/tty
IH> I tried to change permission as root from out of the chroot by chmod,
IH> the permission never change.

Since some version of freebsd the devices are kept in devfs and chmod may not work ( although it did recently for me for some of a directory in /dev, or a symlink, I just don't remember). You should define a 'mode' rule in some of your /etc/devfs.* configs, depending on your particular need.

73!
Peter
pgp: A0E26627 (4A42 6841 2871 5EA7 52AB 12F8 0CE1 4AAC A0E2 6627)
--
http://vereshagin.org
chrooted ssh user and /dev/tty permission denied
Hi,

I have a problem with making remote ssh connection in chroot env. I configured chroot in sshd_config on FreeBSD 8.1 like following.

    Match user myuser
        ChrootDirectory /opt/root/myuser
        X11Forwarding no
        AllowTcpForwarding no
        RSAAuthentication yes
        PubkeyAuthentication yes

and configured fstab like following.

    devfs /opt/root/myuser/dev devfs rw 0 0

and rc.conf

    devfs_set_rulesets=/opt/root/myuser/dev=devfsrules_jail

I copied all binaries and libs (such as ssh,ls,pwd,ftp,scp) also. I can make ssh connection with this user to chroot environment successfully.

When I tried to make a ssh/scp/sftp connection to remote box in chroot. I got cannot open /dev/tty: permission denied message.

The permission of /dev/tty is following on chroot's /dev directory

    crw--w----  1 root  tty  0, 88 Jan 20 11:02 /dev/tty

I tried to change permission as root from out of the chroot by chmod, the permission never change.

What should I do to make a remote ssh conn inside of the chroot env?

Thanks.
Re: chrooted ssh user and /dev/tty permission denied
On 20 January 2011 09:06, Ibrahim Harrani ibrahim.harr...@gmail.com wrote:
> Hi,
>
> I have a problem with making remote ssh connection in chroot env. I configured chroot in sshd_config on FreeBSD 8.1 like following.
>
>     Match user myuser
>         ChrootDirectory /opt/root/myuser
>         X11Forwarding no
>         AllowTcpForwarding no
>         RSAAuthentication yes
>         PubkeyAuthentication yes
>
> and configured fstab like following.
>
>     devfs /opt/root/myuser/dev devfs rw 0 0
>
> and rc.conf
>
>     devfs_set_rulesets=/opt/root/myuser/dev=devfsrules_jail
>
> I copied all binaries and libs (such as ssh,ls,pwd,ftp,scp) also. I can make ssh connection with this user to chroot environment successfully.
>
> When I tried to make a ssh/scp/sftp connection to remote box in chroot. I got cannot open /dev/tty: permission denied message.
>
> The permission of /dev/tty is following on chroot's /dev directory
>
>     crw--w----  1 root  tty  0, 88 Jan 20 11:02 /dev/tty
>
> I tried to change permission as root from out of the chroot by chmod, the permission never change.
>
> What should I do to make a remote ssh conn inside of the chroot env?
>
> Thanks.

Just of a matter of interest, why are you using ssh chroot rather than a full jail? You might have more success with a real jail. If there are ip limitations bind it to a loopback address then forward on the ssh connections from a non standard port on the public interface eg port
Re: FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
On Fri, May 21, 2010 at 03:55:59PM +0400, Eugene Mitrofanov wrote:
> Hi
>
> The command zfs set jailed=on tank/s1 is failed with the message property 'jailed' not supported on FreeBSD: permission denied.
>
> Output of zfs get jailed tank/s1 shows me that the property jailed is still exists:
>
>     NAME     PROPERTY  VALUE  SOURCE
>     tank/s1  jailed    off    default
>
> How can I change its value?

It was accidentally marked as OpenSolaris-specific. Should be fixed as of r208684 in HEAD and I plan to merge it to stable/8 in few days.

Thanks for the report!

--
Pawel Jakub Dawidek http://www.wheelsystems.com
p...@freebsd.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
Re: FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
On Mon, May 31, 2010 at 6:32 PM, Pawel Jakub Dawidek p...@freebsd.org wrote:
> On Fri, May 21, 2010 at 03:55:59PM +0400, Eugene Mitrofanov wrote:
> > Hi
> >
> > The command zfs set jailed=on tank/s1 is failed with the message property 'jailed' not supported on FreeBSD: permission denied.
> >
> > Output of zfs get jailed tank/s1 shows me that the property jailed is still exists:
> >
> >     NAME     PROPERTY  VALUE  SOURCE
> >     tank/s1  jailed    off    default
> >
> > How can I change its value?
>
> It was accidentally marked as OpenSolaris-specific. Should be fixed as of r208684 in HEAD and I plan to merge it to stable/8 in few days.
>
> Thanks for the report!

I discovered this just last night (May 30, 2010) -- will it be able to be pushed into 8.1-RELEASE? It's important in my ezjail setups...

-Brandon
Re: FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
On Saturday 22 May 2010, jhell wrote:
> On 05/21/2010 07:55, Eugene Mitrofanov wrote:
> > Hi
> >
> > The command zfs set jailed=on tank/s1 is failed with the message property 'jailed' not supported on FreeBSD: permission denied.
> >
> > Output of zfs get jailed tank/s1 shows me that the property jailed is still exists:
> >
> >     NAME     PROPERTY  VALUE  SOURCE
> >     tank/s1  jailed    off    default
> >
> > How can I change its value?
> >
> > Thanks.
>
> Simply put, property 'jailed' not supported on FreeBSD.
>
> Some features that you may see in a zfs get all pool will not work because they are not implemented yet or are not planned to be implemented because they are too *Solaris dependent.

But this feature was in 7S and in 8.0R:

    r...@donkey:samba33# uname -sr
    FreeBSD 7.3-RELEASE
    r...@donkey:samba33# zfs set jailed=on data/test
    r...@donkey:samba33# zfs get jailed data/test
    NAME       PROPERTY  VALUE  SOURCE
    data/test  jailed    on     local

When I updated to 8.1PRE it stopped working. Are there any plans for the revival of jailed?

Good luck
--
EMIT-RIPN, EVM7-RIPE
Re: FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
On Mon, May 24, 2010 at 10:13:28AM +0400, Eugene Mitrofanov wrote:
> On Saturday 22 May 2010, jhell wrote:
> > On 05/21/2010 07:55, Eugene Mitrofanov wrote:
> > > Hi
> > >
> > > The command zfs set jailed=on tank/s1 is failed with the message property 'jailed' not supported on FreeBSD: permission denied.
> > >
> > > Output of zfs get jailed tank/s1 shows me that the property jailed is still exists:
> > >
> > >     NAME     PROPERTY  VALUE  SOURCE
> > >     tank/s1  jailed    off    default
> > >
> > > How can I change its value?
> > >
> > > Thanks.
> >
> > Simply put, property 'jailed' not supported on FreeBSD.
> >
> > Some features that you may see in a zfs get all pool will not work because they are not implemented yet or are not planned to be implemented because they are too *Solaris dependent.
>
> But this feature was in 7S and in 8.0R:
>
>     r...@donkey:samba33# uname -sr
>     FreeBSD 7.3-RELEASE
>     r...@donkey:samba33# zfs set jailed=on data/test
>     r...@donkey:samba33# zfs get jailed data/test
>     NAME       PROPERTY  VALUE  SOURCE
>     data/test  jailed    on     local
>
> When I updated to 8.1PRE it stopped working. Are there any plans for the revival of jailed?

ZFS_PROP_ZONED (property jailed) was explicitly added to the not-supported-on-FreeBSD property list as of 5 weeks ago per MFC r197867. See commit 1.4.2.4 to RELENG_8 here:

http://www.freebsd.org/cgi/cvsweb.cgi/src/cddl/contrib/opensolaris/lib/libzfs/common/libzfs_dataset.c

And the piece which was committed to HEAD:

http://svn.freebsd.org/viewvc/base?view=revisionrevision=197867

CC'ing responsible committers to answer your question.

--
| Jeremy Chadwick j...@parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
Re: FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
On 05/24/2010 02:13, Eugene Mitrofanov wrote:
> On Saturday 22 May 2010, jhell wrote:
> > On 05/21/2010 07:55, Eugene Mitrofanov wrote:
> > > Hi
> > >
> > > The command zfs set jailed=on tank/s1 is failed with the message property 'jailed' not supported on FreeBSD: permission denied.
> > >
> > > Output of zfs get jailed tank/s1 shows me that the property jailed is still exists:
> > >
> > >     NAME     PROPERTY  VALUE  SOURCE
> > >     tank/s1  jailed    off    default
> > >
> > > How can I change its value?
> > >
> > > Thanks.
> >
> > Simply put, property 'jailed' not supported on FreeBSD.
> >
> > Some features that you may see in a zfs get all pool will not work because they are not implemented yet or are not planned to be implemented because they are too *Solaris dependent.
>
> But this feature was in 7S and in 8.0R:
>
>     r...@donkey:samba33# uname -sr
>     FreeBSD 7.3-RELEASE
>     r...@donkey:samba33# zfs set jailed=on data/test
>     r...@donkey:samba33# zfs get jailed data/test
>     NAME       PROPERTY  VALUE  SOURCE
>     data/test  jailed    on     local
>
> When I updated to 8.1PRE it stopped working. Are there any plans for the revival of jailed?
>
> Good luck

And what exactly did that property do for you... ?||?

AFAIK it was a NOP.

--
jhell
Re: FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
On Monday 24 May 2010, jhell wrote:
> On 05/24/2010 02:13, Eugene Mitrofanov wrote:
> > On Saturday 22 May 2010, jhell wrote:
> > > On 05/21/2010 07:55, Eugene Mitrofanov wrote:
> > > > Hi
> > > >
> > > > The command zfs set jailed=on tank/s1 is failed with the message property 'jailed' not supported on FreeBSD: permission denied.
> > > >
> > > > Output of zfs get jailed tank/s1 shows me that the property jailed is still exists:
> > > >
> > > >     NAME     PROPERTY  VALUE  SOURCE
> > > >     tank/s1  jailed    off    default
> > > >
> > > > How can I change its value?
> > > >
> > > > Thanks.
> > >
> > > Simply put, property 'jailed' not supported on FreeBSD.
> > >
> > > Some features that you may see in a zfs get all pool will not work because they are not implemented yet or are not planned to be implemented because they are too *Solaris dependent.
> >
> > But this feature was in 7S and in 8.0R:
> >
> >     r...@donkey:samba33# uname -sr
> >     FreeBSD 7.3-RELEASE
> >     r...@donkey:samba33# zfs set jailed=on data/test
> >     r...@donkey:samba33# zfs get jailed data/test
> >     NAME       PROPERTY  VALUE  SOURCE
> >     data/test  jailed    on     local
> >
> > When I updated to 8.1PRE it stopped working. Are there any plans for the revival of jailed?
> >
> > Good luck
>
> And what exactly did that property do for you... ?||?
>
> AFAIK it was a NOP.
>
> --
> jhell

I want to set up something like described in http://unix.derkeiler.com/Mailing-Lists/FreeBSD/hackers/2009-12/msg00028.html

--
EMIT-RIPN, EVM7-RIPE
Re: FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
On 05/21/2010 07:55, Eugene Mitrofanov wrote:
> Hi
>
> The command zfs set jailed=on tank/s1 is failed with the message property 'jailed' not supported on FreeBSD: permission denied.
>
> Output of zfs get jailed tank/s1 shows me that the property jailed is still exists:
>
>     NAME     PROPERTY  VALUE  SOURCE
>     tank/s1  jailed    off    default
>
> How can I change its value?
>
> Thanks.

Simply put, property 'jailed' not supported on FreeBSD.

Some features that you may see in a zfs get all pool will not work because they are not implemented yet or are not planned to be implemented because they are too *Solaris dependent.

See jail(1) for setting up a jail on FreeBSD.

--
jhell
FreeBSD 8.1-PRERELEASE: property 'jailed' not supported on FreeBSD: permission denied
Hi

The command zfs set jailed=on tank/s1 fails with the message property 'jailed' not supported on FreeBSD: permission denied.

Output of zfs get jailed tank/s1 shows me that the property jailed still exists:

NAME     PROPERTY  VALUE  SOURCE
tank/s1  jailed    off    default

How can I change its value?

Thanks.

--
EMIT-RIPN, EVM7-RIPE
Can't get mysql to start - permission error
Hi all:

I'm running FBSD 8.0, amd64. After installing the mysql port: Mysql55-server and mysql55-client I've attempted to start using mysql_safe --user=mysql.

It craps out and in the error log I find:

100410 7:25:36 InnoDB: Operating system error number 13 in a file operation.
InnoDB: The error means mysqld does not have the access rights to
InnoDB: the directory.
InnoDB: File name ./ibdata1
InnoDB: File operation call: 'create'.
InnoDB: Cannot continue operation.

I suspect incorrect permissions somewhere. The question is... Where? Does anyone have any idea where it's trying to create ibdata1?

And on a slightly related note - attempts to build the mysql60-server port rapidly dies with the error:

===> mysql-server-6.0.11 cannot install: unknown MySQL version: 60.
*** Error code 1

Anyone know what that's all about?

Thanks for any help or words of wisdom.

IHN,
Gene

--
To everything there is a season,
And a time to every purpose under heaven.
Re: Can't get mysql to start - permission error
On Sun, 11 Apr 2010 08:58 am, Gene wrote:
> Hi all:
>
> I'm running FBSD 8.0, amd64. After installing the mysql port: Mysql55-server and mysql55-client I've attempted to start using mysql_safe --user=mysql.

It is probably better to add:

mysql_enable=YES

to /etc/rc.conf and then run

# /usr/local/etc/rc.d/mysql-server start

which amongst other things will run mysql_safe.

> It craps out and in the error log I find:
>
> 100410 7:25:36 InnoDB: Operating system error number 13 in a file operation.
> InnoDB: The error means mysqld does not have the access rights to
> InnoDB: the directory.
> InnoDB: File name ./ibdata1
> InnoDB: File operation call: 'create'.
> InnoDB: Cannot continue operation.
>
> I suspect incorrect permissions somewhere. The question is... Where? Does anyone have any idea where it's trying to create ibdata1?

With a new installation you need to run

# mysql_install_db --ldata=/var/db/mysql

to create the data base structure, and

# chown -R mysql:mysql /var/db/mysql

If /var/db/mysql/mysql does not already exist then

# /usr/local/etc/rc.d/mysql-server start

should execute these commands for you. You don't need to run mysql_safe from the command line.

(My systems are i386 but I don't expect that this will make any difference)

> And on a slightly related note - attempts to build the mysql60-server port rapidly dies with the error:
>
> ===> mysql-server-6.0.11 cannot install: unknown MySQL version: 60.
> *** Error code 1

Hmm, seem to recall discarding mysql60 for some reason but I think not for the error you experienced.

Malcolm Kay

> Anyone know what that's all about?
>
> Thanks for any help or words of wisdom.
>
> IHN,
> Gene
>
> --
> To everything there is a season,
> And a time to every purpose under heaven.
Re: /root permission reset on boot
Nerius Landys nlan...@gmail.com writes:
> I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root, after a reboot it goes back to permission 755.
>
> 1. What's the reason for this? There must be a good reason and I would like to know it. Everything in FreeBSD just makes sense and is well designed (honestly, no sarcasm here).

It's something local to your machine; this doesn't happen on any machine I've used, and I can't find anything that could be configured for that.

> 2. Would I want to change the permission of /root to 700 permanently, and how?

By default, there's nothing sensitive in that directory, so there's no reason to protect it more thoroughly than the defaults. If you put something in that directory, you might want to change the permissions, but that would be up to you and your own knowledge of your system.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
Re: /root permission reset on boot
>> I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root, after a reboot it goes back to permission 755.
>>
>> 1. What's the reason for this? There must be a good reason and I would like to know it. Everything in FreeBSD just makes sense and is well designed (honestly, no sarcasm here).
>
> It's something local to your machine; this doesn't happen on any machine I've used, and I can't find anything that could be configured for that.

Perhaps I was mistaken about this happening after every reboot. Perhaps it only happens when I upgrade my world (make buildworld, make installworld, etc.). I do this often (every time a release patch is released). So, perhaps this only happens during these upgrades?
Re: /root permission reset on boot
Nerius Landys wrote:
>>> I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root, after a reboot it goes back to permission 755.
>>>
>>> 1. What's the reason for this? There must be a good reason and I would like to know it. Everything in FreeBSD just makes sense and is well designed (honestly, no sarcasm here).
>>
>> It's something local to your machine; this doesn't happen on any machine I've used, and I can't find anything that could be configured for that.
>
> Perhaps I was mistaken about this happening after every reboot. Perhaps it only happens when I upgrade my world (make buildworld, make installworld, etc.). I do this often (every time a release patch is released). So, perhaps this only happens during these upgrades?

Yup, 99% sure of that.

Kevin Kinsey
Re: /root permission reset on boot
In the last episode (Feb 01), Nerius Landys said:
>>> I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root, after a reboot it goes back to permission 755.
>>>
>>> 1. What's the reason for this? There must be a good reason and I would like to know it. Everything in FreeBSD just makes sense and is well designed (honestly, no sarcasm here).
>>
>> It's something local to your machine; this doesn't happen on any machine I've used, and I can't find anything that could be configured for that.
>
> Perhaps I was mistaken about this happening after every reboot. Perhaps it only happens when I upgrade my world (make buildworld, make installworld, etc.). I do this often (every time a release patch is released). So, perhaps this only happens during these upgrades?

I was going to point blame at mtree, but the file for the root filesystem ( /etc/mtree/BSD.root.dist ) just lists /root without forcing a mode value. You could probably use either dtrace or the audit system to log exactly when the permissions get changed.

--
Dan Nelson
dnel...@allantgroup.com
Re: /root permission reset on boot
Nerius Landys nlan...@gmail.com writes:
>>> I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root, after a reboot it goes back to permission 755.
>>>
>>> 1. What's the reason for this? There must be a good reason and I would like to know it. Everything in FreeBSD just makes sense and is well designed (honestly, no sarcasm here).
>>
>> It's something local to your machine; this doesn't happen on any machine I've used, and I can't find anything that could be configured for that.
>
> Perhaps I was mistaken about this happening after every reboot. Perhaps it only happens when I upgrade my world (make buildworld, make installworld, etc.). I do this often (every time a release patch is released). So, perhaps this only happens during these upgrades?

Yes, that makes more sense. Just change the setting in /etc/mtree/BSD.root.dist.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
/root permission reset on boot
I'm running FreeBSD 7.1 i386, and even after I chmod 700 /root, after a reboot it goes back to permission 755.

1. What's the reason for this? There must be a good reason and I would like to know it. Everything in FreeBSD just makes sense and is well designed (honestly, no sarcasm here).

2. Would I want to change the permission of /root to 700 permanently, and how?

- Nerius
cannot create 'tank': permission denied
Hi!

Getting weird error

#zpool create tank mfid0p4
cannot create 'tank': permission denied

On dmesg:

vdev_geom_open_by_path:466[1]: Found provider by name /dev/mfid0p4.
vdev_geom_attach:112[1]: Attaching to mfid0p4.
vdev_geom_attach:153[1]: Created consumer for mfid0p4.
vdev_geom_read_guid:301[1]: Reading guid from mfid0p4...
vdev_geom_detach:173[1]: Closing access to mfid0p4.
vdev_geom_detach:177[1]: Destroyed consumer to mfid0p4.
vdev_geom_open_by_path:477[1]: guid mismatch for provider /dev/mfid0p4: 15029269312013869400 != 0.
vdev_geom_open_by_guid:435[1]: Searching by guid [15029269312013869400].
vdev_geom_read_guid:301[1]: Reading guid from acd0...
vdev_geom_read_guid:301[1]: Reading guid from mfid0p4...
vdev_geom_read_guid:301[1]: Reading guid from mfid0p3...
vdev_geom_read_guid:339[1]: guid for mfid0p3 is 9402336837364771330
vdev_geom_read_guid:301[1]: Reading guid from mfid0p2...
vdev_geom_read_guid:301[1]: Reading guid from mfid0p1...
vdev_geom_read_guid:301[1]: Reading guid from gptid/85a347ae-0b3f-11df-84de-001ec9b0c152...
vdev_geom_read_guid:301[1]: Reading guid from ufsid/4b6033ebc4edab5d...
vdev_geom_read_guid:301[1]: Reading guid from gptid/2f7b4cd6-e983-11de-ac17-001ec9b0c152...
vdev_geom_read_guid:301[1]: Reading guid from gptid/2f7aa939-e983-11de-ac17-001ec9b0c152...
vdev_geom_read_guid:301[1]: Reading guid from mfid0...
vdev_geom_open_by_guid:449[1]: Search by guid [15029269312013869400] failed.
vdev_geom_open_by_path:466[1]: Found provider by name /dev/mfid0p4.
vdev_geom_attach:112[1]: Attaching to mfid0p4.
vdev_geom_open:521[1]: Provider /dev/mfid0p4 not found.

But

# gpart list
Geom name: mfid0
fwheads: 255
fwsectors: 63
last: 570949598
first: 34
entries: 128
scheme: GPT
Providers:
1. Name: mfid0p1
   Mediasize: 65536 (64K)
   Sectorsize: 512
   Mode: r0w0e0
   rawtype: 83bd6b9d-7f41-11dc-be0b-001560b84f0f
   label: (null)
   length: 65536
   offset: 17408
   type: freebsd-boot
   index: 1
   end: 161
   start: 34
2. Name: mfid0p2
   Mediasize: 124354560 (119M)
   Sectorsize: 512
   Mode: r0w0e0
   rawtype: 516e7cb5-6ecf-11d6-8ff8-00022d09712b
   label: (null)
   length: 124354560
   offset: 82944
   type: freebsd-swap
   index: 2
   end: 243041
   start: 162
3. Name: mfid0p3
   Mediasize: 6442449920 (6.0G)
   Sectorsize: 512
   Mode: r1w1e1
   rawtype: 516e7cba-6ecf-11d6-8ff8-00022d09712b
   label: (null)
   length: 6442449920
   offset: 124437504
   type: freebsd-zfs
   index: 3
   end: 12825951
   start: 243042
4. Name: mfid0p4
   Mediasize: 285759307264 (266G)
   Sectorsize: 512
   Mode: r0w0e0
   rawtype: 516e7cba-6ecf-11d6-8ff8-00022d09712b
   label: (null)
   length: 285759307264
   offset: 6566887424
   type: freebsd-zfs
   index: 4
   end: 570949598
   start: 12825952
Consumers:
1. Name: mfid0
   Mediasize: 292326211584 (272G)
   Sectorsize: 512
   Mode: r1w1e2

Any ideas ?
Re: cannot create 'tank': permission denied
Looks like it is the same issue as there http://groups.google.com/group/muc.lists.freebsd.fs/browse_thread/thread/8bc6c68057e5d416 but still don't know how to fix

27.01.10, 21:02, Baginski Darren kick...@ya.ru:
> Hi!
>
> Getting weird error
>
> #zpool create tank mfid0p4
> cannot create 'tank': permission denied
>
> On dmesg:
>
> vdev_geom_open_by_path:466[1]: Found provider by name /dev/mfid0p4.
> vdev_geom_attach:112[1]: Attaching to mfid0p4.
> vdev_geom_attach:153[1]: Created consumer for mfid0p4.
> vdev_geom_read_guid:301[1]: Reading guid from mfid0p4...
> vdev_geom_detach:173[1]: Closing access to mfid0p4.
> vdev_geom_detach:177[1]: Destroyed consumer to mfid0p4.
> vdev_geom_open_by_path:477[1]: guid mismatch for provider /dev/mfid0p4: 15029269312013869400 != 0.
> vdev_geom_open_by_guid:435[1]: Searching by guid [15029269312013869400].
> vdev_geom_read_guid:301[1]: Reading guid from acd0...
> vdev_geom_read_guid:301[1]: Reading guid from mfid0p4...
> vdev_geom_read_guid:301[1]: Reading guid from mfid0p3...
> vdev_geom_read_guid:339[1]: guid for mfid0p3 is 9402336837364771330
> vdev_geom_read_guid:301[1]: Reading guid from mfid0p2...
> vdev_geom_read_guid:301[1]: Reading guid from mfid0p1...
> vdev_geom_read_guid:301[1]: Reading guid from gptid/85a347ae-0b3f-11df-84de-001ec9b0c152...
> vdev_geom_read_guid:301[1]: Reading guid from ufsid/4b6033ebc4edab5d...
> vdev_geom_read_guid:301[1]: Reading guid from gptid/2f7b4cd6-e983-11de-ac17-001ec9b0c152...
> vdev_geom_read_guid:301[1]: Reading guid from gptid/2f7aa939-e983-11de-ac17-001ec9b0c152...
> vdev_geom_read_guid:301[1]: Reading guid from mfid0...
> vdev_geom_open_by_guid:449[1]: Search by guid [15029269312013869400] failed.
> vdev_geom_open_by_path:466[1]: Found provider by name /dev/mfid0p4.
> vdev_geom_attach:112[1]: Attaching to mfid0p4.
> vdev_geom_open:521[1]: Provider /dev/mfid0p4 not found.
>
> But
>
> # gpart list
> Geom name: mfid0
> fwheads: 255
> fwsectors: 63
> last: 570949598
> first: 34
> entries: 128
> scheme: GPT
> Providers:
> 1. Name: mfid0p1
>    Mediasize: 65536 (64K)
>    Sectorsize: 512
>    Mode: r0w0e0
>    rawtype: 83bd6b9d-7f41-11dc-be0b-001560b84f0f
>    label: (null)
>    length: 65536
>    offset: 17408
>    type: freebsd-boot
>    index: 1
>    end: 161
>    start: 34
> 2. Name: mfid0p2
>    Mediasize: 124354560 (119M)
>    Sectorsize: 512
>    Mode: r0w0e0
>    rawtype: 516e7cb5-6ecf-11d6-8ff8-00022d09712b
>    label: (null)
>    length: 124354560
>    offset: 82944
>    type: freebsd-swap
>    index: 2
>    end: 243041
>    start: 162
> 3. Name: mfid0p3
>    Mediasize: 6442449920 (6.0G)
>    Sectorsize: 512
>    Mode: r1w1e1
>    rawtype: 516e7cba-6ecf-11d6-8ff8-00022d09712b
>    label: (null)
>    length: 6442449920
>    offset: 124437504
>    type: freebsd-zfs
>    index: 3
>    end: 12825951
>    start: 243042
> 4. Name: mfid0p4
>    Mediasize: 285759307264 (266G)
>    Sectorsize: 512
>    Mode: r0w0e0
>    rawtype: 516e7cba-6ecf-11d6-8ff8-00022d09712b
>    label: (null)
>    length: 285759307264
>    offset: 6566887424
>    type: freebsd-zfs
>    index: 4
>    end: 570949598
>    start: 12825952
> Consumers:
> 1. Name: mfid0
>    Mediasize: 292326211584 (272G)
>    Sectorsize: 512
>    Mode: r1w1e2
>
> Any ideas ?
permission denied
hello i have tried installing free bsd version 7.0 and 8.0 but when i try to install the packages from the cd rom i get the message permission denied

i just want a graphical interface or my version to work with kde

ps i am logged in as a root user

thank you
Re: permission denied
Can you please document the process from the beginning to how you are receiving this error? This will greatly help in diagnosing the issue.

Thanks,
Jason

On Mon, Jan 11, 2010 at 07:48:44PM -0800, Daniel Papadopoulos thus spake:
> hello i have tried installing free bsd version 7.0 and 8.0 but when i try to install the packages from the cd rom i get the message permission denied
>
> i just want a graphical interface or my version to work with kde
>
> ps i am logged in as a root user
>
> thank you
file and directory permission
Hi there.

I have been using FreeBSD for some time but my skill is getting really rusty. I install nginx via the ports collection and it works just fine. The data files (html) is located in /usr/local/www/ and the directory permission is as follows:

drwxrwxr-x 5 root wheel 512 Dec 20 15:54 www

and I changed the user/group permission like this:

# chown -R www:www /usr/local/www
# chmod -R 775 /usr/local/www

My id is user and looks like this:

# id user
uid=1001(user) gid=1001(user) groups=1001(user),0(wheel),80(www)

I am trying to create a file in the /usr/local/www and I can't. Is there something wrong I did here?

TIA for answers.

Roby
Re: file and directory permission
Roby Sadeli wrote:
> Hi there.
>
> I have been using FreeBSD for some time but my skill is getting really rusty. I install nginx via the ports collection and it works just fine. The data files (html) is located in /usr/local/www/ and the directory permission is as follows:
>
> drwxrwxr-x 5 root wheel 512 Dec 20 15:54 www
>
> and I changed the user/group permission like this:
>
> # chown -R www:www /usr/local/www
> # chmod -R 775 /usr/local/www
>
> My id is user and looks like this:
>
> # id user
> uid=1001(user) gid=1001(user) groups=1001(user),0(wheel),80(www)
>
> I am trying to create a file in the /usr/local/www and I can't. Is there something wrong I did here?

Well, yes. But not really anything to do with your principal aim of being able to edit your web content as a mortal user. You've opened up a bit of a security hole by your changes.

It's a common misconception that because the www directory is somehow the territory of the web server, then the UID the web server runs as should own the files and directories under it. This is actually a pretty bad idea, because it means that anyone suborning your web server can then deface your web content. This sort of attack is generally through a cgi script or through PHP or other applications run with the credentials of your web server, but in principle it can apply to a web server daemon serving up nothing but static content if the daemon has buffer overflow or similar vulnerabilities.

If the web server needs to handle uploaded files then this should be set up to go to a distinct writable area preferably somewhere completely separate from /usr/local/www.

Or in other words, to achieve the aim you want, do this:

* Create a new group for people that are allowed to edit the web content to belong to. eg:

  # pw group add -n wwwdev

* Give that group ownership of the files under the web-root:

  # chown -R root:wwwdev /usr/local/www

* Make files and directories under the web-root group writeable, but not world writeable:

  # chmod -R g+w,o-w /usr/local/www

* Add your own UID as a member of the wwwdev group:

  # pw group mod -n wwwdev -m user

* Log out and log back in again to update the group membership in your active session. [Note: this doesn't happen automatically just by modifying /etc/groups -- you need to start a new session]

* Possibly adjust the umask setting in your shell initialization files to umask=002 -- this means by default files you create will be *group* writeable.

note: due to BSD filesystem semantics files will inherit the group ownership from the directory they are created in. On some other Unixoid OSes you would need to have the directories SGID to achieve the same effect.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
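A read-only audit for the ownership problem described in the reply above, as an added example that is not part of the original thread: it lists every entry under a web root that the web server account could modify, either as owner, through its group, or because the entry is world-writable. The function names, the optional upload-directory argument and the scratch tree are assumptions made for this sketch; on the system in the thread it would be called as `audit_webroot /usr/local/www www www`.

```shell
#!/bin/sh
# Added example, not from the thread. It only reads file metadata.

# audit_webroot ROOT SRV_USER SRV_GROUP [UPLOAD_DIR]
#   SRV_USER / SRV_GROUP: account the daemon runs as (name or numeric id).
#   UPLOAD_DIR: the deliberately writable upload area; skipped if under ROOT.
# Prints one "reason: path" line per finding. Symlinks are ignored because
# their own mode bits say nothing about the target.
audit_webroot() {
    aw_root=$1; aw_user=$2; aw_group=$3; aw_skip=${4:-/nonexistent}
    # The owner can always write, or chmod and then write.
    find "$aw_root" -path "$aw_skip" -prune -o \
        ! -type l -user "$aw_user" -print |
        sed 's/^/server-owned: /'
    # Group write bit set and the group is the server's group.
    find "$aw_root" -path "$aw_skip" -prune -o \
        ! -type l -group "$aw_group" -perm -020 -print |
        sed 's/^/server-group-writable: /'
    # World-writable entries are writable whatever ids the server has.
    find "$aw_root" -path "$aw_skip" -prune -o \
        ! -type l -perm -002 -print |
        sed 's/^/world-writable: /'
}

# Constructed scratch tree (not from the thread) for a dry run.
# Prints the path of the sample web root.
make_sample_tree() {
    st=$(mktemp -d)
    mkdir -p "$st/www/app" "$st/www/uploads"
    : > "$st/www/index.html";     chmod 644 "$st/www/index.html"
    : > "$st/www/app/config.php"; chmod 664 "$st/www/app/config.php"
    : > "$st/www/app/cache.tmp";  chmod 666 "$st/www/app/cache.tmp"
    chmod 755 "$st/www" "$st/www/app"
    chmod 775 "$st/www/uploads"
    printf '%s\n' "$st/www"
}

if [ "$#" -ge 3 ]; then
    audit_webroot "$@"
else
    # No arguments: dry run on the scratch tree, treating the current user
    # as the "server" account so that every kind of finding shows up.
    demo=$(make_sample_tree)
    audit_webroot "$demo" "$(id -u)" "$(id -g)" "$demo/uploads"
    rm -rf "${demo%/www}"
fi
```

An empty result for the real server account means the daemon cannot rewrite the content it serves, which is the state the group-based setup in the reply aims for.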
Jails: /bin/tcsh: Permission Denied
Hey list,

I'm setting up jails on my system. I started with a httpd jail for nginx and php to run in. I used ezjail to create it. I went through all the steps, and got a jail setup and working. I've logged in and out several times and installed a couple ports within the jail. I then added a non-privileged user by running adduser as root. However, that is when the problem came up. For some reason, I cannot switch to the unprivileged user. The shell is giving me a Permission Denied error.

# su - jailuser
su: no directory
# su jailuser
su: /bin/tcsh: Permission denied

The line in /etc/passwd of the jail:

jailuser:*:1001:1001:User :/home/jailuser:/bin/tcsh

The host and jail are running 7.2-RELEASE-p4. /bin/tcsh is listed in /etc/shells. I tried running pwd_mkdb /etc/master.passwd to no avail.

Any ideas on why I am getting a permission denied error?

More info, if needed:

Mount on the host system:

/dev/ad2s1a on / (ufs, local, noatime)
devfs on /dev (devfs, local)
/dev/ufs/tmp on /tmp (ufs, local, noatime, soft-updates)
/dev/ad2s1f on /usr (ufs, local, noatime, soft-updates)
/dev/ad2s1e on /var (ufs, local, noatime, soft-updates)
/usr/jails/basejail on /usr/jails/httpd/basejail (nullfs, local, read-only)
devfs on /usr/jails/httpd/dev (devfs, local)

Mount on the jail:

/dev/ad2s1f on / (ufs, local, noatime, soft-updates)

/etc/fstab.httpd on host:

/usr/jails/basejail /usr/jails/httpd/basejail nullfs ro 0 0

# ls -al /usr/jails/
drwx------  9 root wheel 512 Oct 5 05:34 basejail
drwx------  3 root wheel 512 Oct 5 05:34 flavours
drwx------ 12 root wheel 512 Oct 5 07:49 httpd
drwxr-xr-x 12 root wheel 512 Oct 5 05:34 newjail

Thanks.
Re: Jails: /bin/tcsh: Permission Denied
APseudoUtopia apseudouto...@gmail.com wrote:
> I'm setting up jails on my system. I started with a httpd jail for nginx and php to run in. I used ezjail to create it. I went through all the steps, and got a jail setup and working. I've logged in and out several times and installed a couple ports within the jail. I then added a non-privileged user by running adduser as root. However, that is when the problem came up. For some reason, I cannot switch to the unprivileged user. The shell is giving me a Permission Denied error.

What are the permissions on /bin/tcsh inside the jail? Is it executable? Are the permissions of all of its libraries correct? (ldd /bin/tcsh will list the libs.) Are the permissions on the home directory correct?

If everything else fails, trace the shell inside the jail (with strace, truss or ktrace). It will list the exact system call that fails.

By the way, I recommend that jails which contain daemons (such as webservers, databases etc.) do not contain login accounts. In fact, I never put /bin/tcsh inside a jail that contains a webserver. Apache certainly doesn't need it. Some ports do need /bin/csh during the build process, but for building ports I recommend to use a separate jail anyway, create packages and pkg_add them in the actual webserver jail.

Just my 2 cents.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht München, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd

$ dd if=/dev/urandom of=test.pl count=1
$ file test.pl
test.pl: perl script text executable
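The permission checklist in the reply above (shell, libraries, home directory), extended by one step as an added example that is not part of the thread: besides the target's own mode, every directory on the way down to it has to be searchable by the user. The function names and the scratch tree are assumptions, and only the "other" permission class is examined, that is, a user who neither owns the entries nor belongs to their group.

```shell
#!/bin/sh
# Added example, not from the thread. It only reads file metadata.

# other_has_x PATH: true when the "other" class has the x bit on PATH
# (search permission for a directory, execute permission for a file).
# Character 10 of the ls mode string is that bit; "t" is sticky plus x.
other_has_x() {
    ox_bit=$(ls -ld "$1" | cut -c10)
    [ "$ox_bit" = x ] || [ "$ox_bit" = t ]
}

# blocked_components BASE TARGET
# Walks from BASE down to TARGET and prints every component that a user
# in the "other" class cannot pass through (directories) or run (files).
blocked_components() {
    bc_base=$1; bc_p=$2; bc_chain=
    # Build the list of components, top-most first.
    while :; do
        bc_chain="$bc_p
$bc_chain"
        case $bc_p in "$bc_base"|/|.) break ;; esac
        bc_p=$(dirname "$bc_p")
    done
    printf '%s' "$bc_chain" | while IFS= read -r bc_c; do
        if [ -d "$bc_c" ]; then
            other_has_x "$bc_c" ||
                printf 'no search permission for other: %s\n' "$bc_c"
        else
            other_has_x "$bc_c" ||
                printf 'not executable by other: %s\n' "$bc_c"
        fi
    done
}

# Constructed scratch tree for a dry run: jail/ is mode 700, everything
# below it is readable and executable by everyone.
make_demo_tree() {
    dt=$(mktemp -d) && chmod 755 "$dt"
    mkdir -p "$dt/jail/bin"
    : > "$dt/jail/bin/tcsh"
    chmod 555 "$dt/jail/bin/tcsh"
    chmod 755 "$dt/jail/bin"
    chmod 700 "$dt/jail"
    printf '%s\n' "$dt"
}

# Inside a jail the checks from the reply would be, for example:
#   blocked_components / /bin/tcsh
#   blocked_components / /home/jailuser
if [ "$#" -eq 2 ]; then
    blocked_components "$1" "$2"
fi
```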
Re: Jails: /bin/tcsh: Permission Denied
On Mon, Oct 5, 2009 at 5:51 AM, Oliver Fromme o...@lurza.secnetix.de wrote:
> APseudoUtopia apseudouto...@gmail.com wrote:
>> I'm setting up jails on my system. I started with a httpd jail for nginx and php to run in. I used ezjail to create it. I went through all the steps, and got a jail setup and working. I've logged in and out several times and installed a couple ports within the jail. I then added a non-privileged user by running adduser as root. However, that is when the problem came up. For some reason, I cannot switch to the unprivileged user. The shell is giving me a Permission Denied error.
>
> What are the permissions on /bin/tcsh inside the jail? Is it executable? Are the permissions of all of its libraries correct? (ldd /bin/tcsh will list the libs.) Are the permissions on the home directory correct?
>
> If everything else fails, trace the shell inside the jail (with strace, truss or ktrace). It will list the exact system call that fails.
>
> By the way, I recommend that jails which contain daemons (such as webservers, databases etc.) do not contain login accounts. In fact, I never put /bin/tcsh inside a jail that contains a webserver. Apache certainly doesn't need it. Some ports do need /bin/csh during the build process, but for building ports I recommend to use a separate jail anyway, create packages and pkg_add them in the actual webserver jail.
>
> Just my 2 cents.
>
> Best regards
> Oliver

Hi,

Thanks for the tips. I'm new to jails, and I didn't think it was possible to build a jail without tcsh. What shell do you use then? Just /bin/sh?

/bin/tcsh works fine for root. I log into the jail by using the ezjail-admin console option, which in turn executes /usr/bin/login. It logs in as root with a working tcsh shell. I've even changed the prompt of the shell in /root/.cshrc within the jail. I don't think it's the tcsh binary itself, rather some other permission. However, the information you asked for is below.

As a matter-of-fact, I first ran into this problem when my web server (nginx) received a permission denied error for every file. While debugging it, I was asked to su to the www user. This is when I ran into this problem of getting a permission denied error for tcsh.

-r-xr-xr-x 2 root wheel 311400 Oct 5 05:34 /bin/tcsh

/bin/tcsh:
    libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
    libcrypt.so.4 => /lib/libcrypt.so.4 (0x28104000)
    libc.so.7 => /lib/libc.so.7 (0x2811d000)

-r--r--r-- 1 root wheel 258572 Oct 5 05:34 /lib/libncurses.so.7
-r--r--r-- 1 root wheel 32020 Oct 5 05:34 /lib/libcrypt.so.4
-r--r--r-- 1 root wheel 993092 Oct 5 05:34 /lib/libc.so.7

drwxr-xr-x 3 root wheel 512 Oct 5 07:49 home
drwxr-xr-x 2 jailuser jailuser 512 Oct 5 07:49 jailuser

The truss trace is on a pastebin (the output seemed too long for an email) located at http://pastebin.ca/1594445
Re: Jails: /bin/tcsh: Permission Denied
On Mon, Oct 5, 2009 at 9:19 AM, APseudoUtopia apseudouto...@gmail.com wrote:
> On Mon, Oct 5, 2009 at 5:51 AM, Oliver Fromme o...@lurza.secnetix.de wrote:
>> APseudoUtopia apseudouto...@gmail.com wrote:
>>> I'm setting up jails on my system. I started with a httpd jail for nginx and php to run in. I used ezjail to create it. I went through all the steps, and got a jail setup and working. I've logged in and out several times and installed a couple ports within the jail. I then added a non-privileged user by running adduser as root. However, that is when the problem came up. For some reason, I cannot switch to the unprivileged user. The shell is giving me a Permission Denied error.
>>
>> What are the permissions on /bin/tcsh inside the jail? Is it executable? Are the permissions of all of its libraries correct? (ldd /bin/tcsh will list the libs.) Are the permissions on the home directory correct?
>>
>> If everything else fails, trace the shell inside the jail (with strace, truss or ktrace). It will list the exact system call that fails.
>>
>> By the way, I recommend that jails which contain daemons (such as webservers, databases etc.) do not contain login accounts. In fact, I never put /bin/tcsh inside a jail that contains a webserver. Apache certainly doesn't need it. Some ports do need /bin/csh during the build process, but for building ports I recommend to use a separate jail anyway, create packages and pkg_add them in the actual webserver jail.
>>
>> Just my 2 cents.
>>
>> Best regards
>> Oliver
>
> Hi,
>
> Thanks for the tips. I'm new to jails, and I didn't think it was possible to build a jail without tcsh. What shell do you use then? Just /bin/sh?
>
> /bin/tcsh works fine for root. I log into the jail by using the ezjail-admin console option, which in turn executes /usr/bin/login. It logs in as root with a working tcsh shell. I've even changed the prompt of the shell in /root/.cshrc within the jail. I don't think it's the tcsh binary itself, rather some other permission. However, the information you asked for is below.
>
> As a matter-of-fact, I first ran into this problem when my web server (nginx) received a permission denied error for every file. While debugging it, I was asked to su to the www user. This is when I ran into this problem of getting a permission denied error for tcsh.
>
> -r-xr-xr-x 2 root wheel 311400 Oct 5 05:34 /bin/tcsh
>
> /bin/tcsh:
>     libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
>     libcrypt.so.4 => /lib/libcrypt.so.4 (0x28104000)
>     libc.so.7 => /lib/libc.so.7 (0x2811d000)
>
> -r--r--r-- 1 root wheel 258572 Oct 5 05:34 /lib/libncurses.so.7
> -r--r--r-- 1 root wheel 32020 Oct 5 05:34 /lib/libcrypt.so.4
> -r--r--r-- 1 root wheel 993092 Oct 5 05:34 /lib/libc.so.7
>
> drwxr-xr-x 3 root wheel 512 Oct 5 07:49 home
> drwxr-xr-x 2 jailuser jailuser 512 Oct 5 07:49 jailuser
>
> The truss trace is on a pastebin (the output seemed too long for an email) located at http://pastebin.ca/1594445

Sorry to reply again, but I have some further information.

I used chpass to change the shell of the jailuser account. I tried /bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the same Permission denied error. Even nologin gave Permission denied instead of This account is currently not available.
Re: Jails: /bin/tcsh: Permission Denied
On Mon, Oct 5, 2009 at 1:24 PM, APseudoUtopia apseudouto...@gmail.com wrote:
> [snip]
>
> Sorry to reply again, but I have some further information.
>
> I used chpass to change the shell of the jailuser account. I tried /bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the same Permission denied error. Even nologin gave Permission denied instead of This account is currently not available.

What happens with /bin/false ?

--
Glen Barber
Re: Jails: /bin/tcsh: Permission Denied
On Mon, Oct 5, 2009 at 9:28 AM, Glen Barber glen.j.bar...@gmail.com wrote:
> On Mon, Oct 5, 2009 at 1:24 PM, APseudoUtopia apseudouto...@gmail.com wrote:
>> [snip]
>> Sorry to reply again, but I have some further information. I used chpass to change the shell of the jailuser account. I tried /bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the same "Permission denied" error. Even nologin gave "Permission denied" instead of "This account is currently not available."
>
> What happens with /bin/false ?
>
> --
> Glen Barber

Same thing:

    jailuser:*:1001:1001:User :/home/jailuser:/bin/false

    # su jailuser
    su: /bin/false: Permission denied
Re: Jails: /bin/tcsh: Permission Denied
On Mon, Oct 5, 2009 at 1:30 PM, APseudoUtopia apseudouto...@gmail.com wrote:
> On Mon, Oct 5, 2009 at 9:28 AM, Glen Barber glen.j.bar...@gmail.com wrote:
>> On Mon, Oct 5, 2009 at 1:24 PM, APseudoUtopia apseudouto...@gmail.com wrote:
>>> [snip]
>>> Sorry to reply again, but I have some further information. I used chpass to change the shell of the jailuser account. I tried /bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the same "Permission denied" error. Even nologin gave "Permission denied" instead of "This account is currently not available."
>>
>> What happens with /bin/false ?
>>
>> --
>> Glen Barber
>
> Same thing:
>
>     jailuser:*:1001:1001:User :/home/jailuser:/bin/false
>
>     # su jailuser
>     su: /bin/false: Permission denied

Have you created another user to test?

FWIW, I was wrong about the location of 'false' - it is /usr/bin/false, not /bin/false - you should have received 'command not found'.

--
Glen Barber
Re: Jails: /bin/tcsh: Permission Denied
On Mon, Oct 5, 2009 at 1:33 PM, Glen Barber glen.j.bar...@gmail.com wrote:
> [snip]
>     jailuser:*:1001:1001:User :/home/jailuser:/bin/false
>
>     # su jailuser
>     su: /bin/false: Permission denied

Also, check the permissions on /home/jailuser

--
Glen Barber
Re: Jails: /bin/tcsh: Permission Denied
On Mon, Oct 5, 2009 at 4:08 AM, APseudoUtopia apseudouto...@gmail.com wrote:
> Hey list,
>
> I'm setting up jails on my system. I started with a httpd jail for nginx and php to run in. I used ezjail to create it. I went through all the steps, and got a jail setup and working. I've logged in and out several times and installed a couple ports within the jail. I then added a non-privileged user by running adduser as root. However, that is when the problem came up. For some reason, I cannot switch to the unprivileged user. The shell is giving me a "Permission Denied" error.
> [snip]

I have solved the problem with the help of Google and this thread:
https://elektropost.org/ezjail/threads.html#00263

The permissions on the HOST for /usr/jails/httpd and /usr/jails/basejail were set incorrectly. When I installed the jail, I used umask 0077. Those jail directories needed to be chmod'ed 755. Everything works successfully now.

Thanks very much for the tips, suggestions, and overall help. If I hadn't found that ezjail mailing list thread, I would've been ripping my hair out for days.
Re: Jails: /bin/tcsh: Permission Denied
APseudoUtopia wrote:
> Thanks for the tips. I'm new to jails, and I didn't think it was possible to build a jail without tcsh. What shell do you use then? Just /bin/sh?

I never log into a jail. There's no reason to do that.

However, usually /bin/sh is required to run scripts, cron jobs and other things. Also, some library functions such as system(3) and popen(3) require /bin/sh. Those functions are used by many programs. So, basically, you will almost always need to have /bin/sh in a jail.

But that doesn't mean that you have any login accounts inside the jail. Usually the passwd inside your jail should only contain root and a few pseudo users. The pseudo users (including root) should have no valid password, no valid login shell, and in most cases no valid home directory. There's no reason to make things easier for intruders.

Of course, that's only true for jails that contain services (i.e. daemons). If you want to put shell users inside jails, that's a completely different thing.

(I'm not using ezjail, FWIW.)

> -r-xr-xr-x  2 root  wheel  311400 Oct  5 05:34 /bin/tcsh
>
> /bin/tcsh:
>         libncurses.so.7 => /lib/libncurses.so.7 (0x280c5000)
>         libcrypt.so.4 => /lib/libcrypt.so.4 (0x28104000)
>         libc.so.7 => /lib/libc.so.7 (0x2811d000)
>
> -r--r--r--  1 root  wheel  258572 Oct  5 05:34 /lib/libncurses.so.7
> -r--r--r--  1 root  wheel   32020 Oct  5 05:34 /lib/libcrypt.so.4
> -r--r--r--  1 root  wheel  993092 Oct  5 05:34 /lib/libc.so.7
>
> drwxr-xr-x  3 root      wheel     512 Oct  5 07:49 home
> drwxr-xr-x  2 jailuser  jailuser  512 Oct  5 07:49 jailuser

Looks good.

The only thing I noticed is that your /etc/login.conf.db doesn't seem to be world-readable. It should have permissions 644, but has only 600. However, I'm not sure if this might cause the kind of problem you're seeing. But fixing the permissions is certainly worth a try.

> The truss trace is on a pastebin (the output seemed too long for an email) located at http://pastebin.ca/1594445

Other than that, I didn't notice anything unusual in the trace.

> Sorry to reply again, but I have some further information. I used chpass to change the shell of the jailuser account. I tried /bin/sh, /bin/csh, /bin/tcsh, and /sbin/nologin. All of those gave the same "Permission denied" error. Even nologin gave "Permission denied" instead of "This account is currently not available."

Yeah, when the trace aborts, it is still executing the su binary. It doesn't get as far as actually trying to execute the shell.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management: secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd

"We, the unwilling, led by the unknowing, are doing the impossible for the ungrateful. We have done so much, for so long, with so little, we are now qualified to do anything with nothing." -- Mother Teresa
Re: Jails: /bin/tcsh: Permission Denied
APseudoUtopia apseudouto...@gmail.com wrote:
> The permissions on the HOST for /usr/jails/httpd and /usr/jails/basejail were set incorrectly. When I installed the jail, I used umask 0077.

You should _never_ have umask 077 as root. It will cause all kinds of weird problems. It's best to keep the umask at the default of 022, unless you specifically know that you need a different one for a certain installation.

Best regards
Oliver

--
Oliver Fromme, secnetix GmbH & Co. KG
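The failure diagnosed in the two messages above, as an added example that is not code from any poster in the thread: a C checker that walks every directory on a path and reports the first one that "other" users cannot search, which is the state umask 077 left /usr/jails/httpd and /usr/jails/basejail in. The function name `first_unsearchable` and the temporary directory tree are constructed for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Walk every directory named on an absolute path (the final component
 * included, "/" itself excluded) and report the first one that lacks
 * search (x) permission for "other".
 * Returns 1 and copies that directory into out, 0 if every directory is
 * searchable, -1 on a bad argument or a stat(2) failure.
 * Assumption: the unprivileged user is neither the owner nor in the group
 * of these directories, so the "other" bits decide access.
 */
int first_unsearchable(const char *path, char *out, size_t outlen)
{
    char prefix[PATH_MAX];
    struct stat st;
    size_t i, len;

    if (path == NULL || out == NULL || outlen == 0 || path[0] != '/')
        return -1;
    len = strlen(path);
    if (len >= sizeof prefix)
        return -1;

    for (i = 1; i <= len; i++) {
        if (path[i] != '/' && path[i] != '\0')
            continue;               /* still inside a component */
        if (path[i - 1] == '/')
            continue;               /* empty component: "//" or trailing "/" */
        memcpy(prefix, path, i);
        prefix[i] = '\0';
        if (stat(prefix, &st) != 0)
            return -1;
        if (S_ISDIR(st.st_mode) && (st.st_mode & S_IXOTH) == 0) {
            snprintf(out, outlen, "%s", prefix);
            return 1;
        }
    }
    return 0;
}

/* Demo on a constructed tree: a "jail root" created under umask 077. */
int main(void)
{
    char root[] = "/tmp/jailcheckXXXXXX";   /* constructed sample location */
    char jail[PATH_MAX], hit[PATH_MAX];

    if (mkdtemp(root) == NULL || chmod(root, 0755) != 0) {
        perror("setup");
        return 1;
    }
    snprintf(jail, sizeof jail, "%s/httpd", root);

    umask(077);                     /* the umask used during the install */
    if (mkdir(jail, 0777) != 0) {   /* ends up as mode 0700 */
        perror("mkdir");
        return 1;
    }
    if (first_unsearchable(jail, hit, sizeof hit) == 1)
        printf("not searchable by other users: %s\n", hit);

    if (chmod(jail, 0755) != 0)     /* the fix reported in the thread */
        perror("chmod");
    printf("after chmod 755: %d\n", first_unsearchable(jail, hit, sizeof hit));

    rmdir(jail);
    rmdir(root);
    return 0;
}
```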
Re: SUID permission on Bash script
per...@pluto.rain.com wrote:
> RW rwmailli...@googlemail.com wrote:
>> On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote:
>>> Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition ...
>>
>> isn't that the same issue that Matthew Seaman was saying was fixed years ago ... and is described in the follow-up:
>> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html
>> That's entirely in the kernel, it doesn't require interpreter support.
>
> Er, I'm pretty sure it _does_ require support in the interpreter. It would do no good for the kernel to hand the interpreter an open descriptor if the interpreter did not somehow know to read the script from that open descriptor instead of opening the script file by name. This approach is exactly the "careful cooperation between the kernel and the interpreter" that I was referring to.

Errr -- no. That's what fdescfs(5) is for. When the kernel execs the interpreter, it tells the script to open /dev/fd/5 (for example) and doing that just connects the script to the open file descriptor the kernel used previously to taste the magic number and the #! line of the script.

As fdescfs(5) says:

    [...] the call:

        fd = open("/dev/fd/0", mode);

    and the call:

        fd = fcntl(0, F_DUPFD, 0);

    are equivalent.

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard, Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
Re: SUID permission on Bash script
Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
>> It would do no good for the kernel to hand the interpreter an open descriptor if the interpreter did not somehow know to read the script from that open descriptor instead of opening the script file by name.
>
> Errr -- no. That's what fdescfs(5) is for. When the kernel execs the interpreter, it tells the script to open /dev/fd/5 (for example) and doing that just connects the script to the open file descriptor the kernel used previously to taste the magic number and the #! line of the script.

which -- again absent some special arrangement in the interpreter -- would cause the script to receive $0 as /dev/fd/5 instead of the actual name of the script, no? I'd expect this to at least break any messages that the script might try to produce via constructs like

    echo $0: whatever
Re: SUID permission on Bash script
Michael David Crawford m...@prgmr.com wrote:
> It's not that setuid shell scripts are really more inherently insecure than programs written in C.

Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script.

Check the hackers@ archives. It was discussed a little over a month ago.
Re: SUID permission on Bash script
per...@pluto.rain.com wrote:
> Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script.

Wow. I had no idea.

A while back a coworker asked me to help figure out why he couldn't get his script to run setuid on Linux. Some investigation turned up that the Linux kernel explicitly forbids setuid programs whose first two bytes are # and !. So it disables even setuid scripts that don't use the shell, like Python or Perl scripts.

I came across a page that explained all the different ways setuid scripts could screw up - one would have to be a rocket scientist to avoid all the potential pitfalls.

Mike

--
Michael David Crawford m...@prgmr.com
prgmr.com - We Don't Assume You Are Stupid.
Xen-Powered Virtual Private Servers: http://prgmr.com/xen
Re: SUID permission on Bash script
On Sat, 29 Aug 2009 00:17:24 -0700, Michael David Crawford m...@prgmr.com wrote:
> I came across a page that explained all the different ways setuid scripts could screw up - one would have to be a rocket scientist to avoid all the potential pitfalls.

Hi Michael,

It would be a very useful addition to the list archives if you pointed at the URI of the page. This way future readers will find it too :)
Re: SUID permission on Bash script
On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote:
> Michael David Crawford m...@prgmr.com wrote:
>> It's not that setuid shell scripts are really more inherently insecure than programs written in C.
>
> Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script.
>
> Check the hackers@ archives. It was discussed a little over a month ago.

But isn't that the same issue that Matthew Seaman was saying was fixed years ago (in the link I gave before), and is described in the follow-up:

http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html

That's entirely in the kernel, it doesn't require interpreter support.
Re: SUID permission on Bash script
On Fri, Aug 28, 2009 at 08:10:59PM -0600, Tim Judd wrote:
> On 8/28/09, RW rwmailli...@googlemail.com wrote:
>> On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote:
>>> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
>>>> As far as I know, using SUID, the script must run with root permissions... so I shouldn't get Permission denied. What am I doing wrong??
>>>
>>> No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997.
>>
>> I'm a bit puzzled by this, previous threads have given the impression that this is a myth, for example:
>> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html
>> So are scripts actually incapable of running setuid?
>
> Dunno, but this dawns on me.. what defines a script? I've always defined a script that starts with a #! shebang. So the script can be SUID, but the interpreter/shell isn't. Is that why it doesn't work?

It doesn't work because the system does not allow it - for security reasons. You could fish around and defeat that, but don't.

The most common way to get around it is to create a tiny binary that can run setuid which merely invokes your script. The better way is to use sudo, as has been suggested already in this thread.

jerry

> --Tim
Re: SUID permission on Bash script
RW wrote:
> On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote:
>> Michael David Crawford m...@prgmr.com wrote:
>>> It's not that setuid shell scripts are really more inherently insecure than programs written in C.
>>
>> Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script.
>>
>> Check the hackers@ archives. It was discussed a little over a month ago.
>
> But isn't that the same issue that Matthew Seaman was saying was fixed years ago (in the link I gave before), and is described in the follow-up:
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html
> That's entirely in the kernel, it doesn't require interpreter support.

The race condition between the kernel opening the script and the interpreter doing so should certainly be fixed in any Unix or Linux distribution available today. Either, as above, by the kernel passing an open file descriptor to the invoked script, or simply by ignoring any setuid or setgid bits on interpreted scripts.

There are other attacks against SUID scripts -- see for instance:

http://www.tech-faq.com/suid-root-script-binary.shtml
http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html

most of which work by exploiting the sort of features of the scripting language that make it into a powerful and useful tool. Almost all of these sort of exploits can be avoided by careful programming -- for instance, always explicitly setting $IFS and $PATH to known good values, or using the one set of command line flags allowed on the #! line to block the '-i' trick (ie. use '#!/bin/sh --' which forces any subsequent items on the command line to be treated as files rather than command options).

However, you (the programmer) would have to know all about the various tricks for exploiting suid-ness in order to counter them.

The preferred way of running a script SUID is to write a very small C wrapper program that can be made SUID and that executes the script after gaining increased privileges. Done well, this is definitely the best and most secure approach. Note however that the C wrapper must be similarly as carefully written as a suid script or many of the same exploits could still be possible.

So, unless you are an expert programmer and understand how to defend your code against attack, your best bet really is to just use sudo(8).

Cheers,
Matthew

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard, Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
Re: SUID permission on Bash script
Perhaps a better idea than a setuid shell script would be to figure out just what it is about your script that really needs to be executed as root.

Then write a C program that can do just that one thing - and absolutely nothing else. If it takes any kind of input, or command line parameters, then it must validate them very carefully, to ensure that it's not being misused.

Then your script could call that C program whenever it needs that privileged operation performed.

Suppose you were to give the keys to your Lamborghini to a parking attendant. Wouldn't you want to trust that he wasn't going to sell your Lamborghini to a chop shop?

Writing a setuid program is just like that: writing one poorly is like handing your race car keys to a car thief. He might not steal your car today, but if you're not careful about how you hand out your trust, he will someday.

Mike

--
Michael David Crawford m...@prgmr.com
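The small setuid C program described in the two messages above, as an added example that is not code from any poster in the thread: it performs the one operation from this thread (`shutdown -p`), validates its single argument, and replaces the caller's environment, so there is no shell, no $PATH lookup and no $IFS involved. The names `parse_when` and `MAX_DELAY_MIN`, the one-day limit and the install mode in the comment are assumptions; the path /sbin/shutdown is taken from the listing quoted elsewhere in the thread.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path as shown in the thread's listing of /sbin/shutdown. */
#define SHUTDOWN_PATH "/sbin/shutdown"
/* Hypothetical policy for this example: delay of at most one day. */
#define MAX_DELAY_MIN 1440L

/*
 * Accept only "now" or "+N" (N minutes, decimal digits, 0..MAX_DELAY_MIN).
 * On success write the canonical form to out and return 0; otherwise -1.
 * Anything else (options such as "-h", extra characters, over-long input)
 * is rejected rather than passed through to the privileged program.
 */
int parse_when(const char *arg, char *out, size_t outlen)
{
    size_t i, len;
    long minutes = 0;

    if (arg == NULL || out == NULL || outlen < 6)
        return -1;
    if (strcmp(arg, "now") == 0) {
        snprintf(out, outlen, "now");
        return 0;
    }
    len = strlen(arg);
    if (arg[0] != '+' || len < 2 || len > 5)
        return -1;
    for (i = 1; i < len; i++) {
        if (!isdigit((unsigned char)arg[i]))
            return -1;
        minutes = minutes * 10 + (arg[i] - '0');
    }
    if (minutes > MAX_DELAY_MIN)
        return -1;
    snprintf(out, outlen, "+%ld", minutes);
    return 0;
}

/*
 * Hypothetical install: owner root, group operator, mode 4750, so only
 * members of one group can execute it.
 */
int main(int argc, char *argv[])
{
    char when[8];
    /* Fixed argv: the caller chooses the time and nothing else. */
    char *new_argv[] = { "shutdown", "-p", when, NULL };
    /* Fixed environment: nothing inherited from the caller (no IFS, */
    /* LD_* or attacker-chosen PATH reaches the privileged program). */
    char *clean_env[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL };

    if (argc != 2 || parse_when(argv[1], when, sizeof when) != 0) {
        fprintf(stderr, "usage: poweroff-wrapper now|+minutes\n");
        return 64;
    }
    umask(022);     /* do not inherit the caller's umask either */

    /* Absolute path and execve(2): no search path, no interpreter. */
    execve(SHUTDOWN_PATH, new_argv, clean_env);
    perror("execve");
    return 71;
}
```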
Re: SUID permission on Bash script
RW rwmailli...@googlemail.com wrote:
> On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote:
>> Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition ...
>
> isn't that the same issue that Matthew Seaman was saying was fixed years ago ... and is described in the follow-up:
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html
> That's entirely in the kernel, it doesn't require interpreter support.

Er, I'm pretty sure it _does_ require support in the interpreter. It would do no good for the kernel to hand the interpreter an open descriptor if the interpreter did not somehow know to read the script from that open descriptor instead of opening the script file by name. This approach is exactly the "careful cooperation between the kernel and the interpreter" that I was referring to.
SUID permission on Bash script
Hi folks!

I'm trying to set up a reaaallly basic script to allow one user to shut down my machine without root permissions, setting up SUID as follows:

    -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh

    $ ./apagar.sh
    Permission denied

content of script:

    cat apagar.sh
    ]#!/usr/local/bin/bash
    shutdown -p now

As far as I know, using SUID, the script must run with root permissions... so I shouldn't get Permission denied. What am I doing wrong??
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
> Hi folks!
>
> I'm trying to set up a reaaallly basic script to allow one user to shut down my machine without root permissions, setting up SUID as follows:
>
>     -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh
>
>     $ ./apagar.sh
>     Permission denied
>
> content of script:
>
>     cat apagar.sh
>     ]#!/usr/local/bin/bash
>     shutdown -p now
>
> As far as I know, using SUID, the script must run with root permissions... so I shouldn't get Permission denied. What am I doing wrong??

No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997.

The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run:

    sudo shutdown -p now
Re: SUID permission on Bash script
Aham! So SUID can be applied to sh but it doesn't work! Is there no way to apply it, apart from installing sudo?

The thing is that by installing sudo and adding that user to sudoers, that user will be capable of doing any other SU tasks, apart from shutting down... which I don't like :D

(I know that SUID could be even worse if they edit the .sh file... but let's believe they don't even know that XD)

Cheers!

2009/8/28 Giorgos Keramidas keram...@ceid.upatras.gr
> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
>> Hi folks!
>>
>> I'm trying to set up a reaaallly basic script to allow one user to shut down my machine without root permissions, setting up SUID as follows:
>>
>>     -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh
>>
>>     $ ./apagar.sh
>>     Permission denied
>>
>> content of script:
>>
>>     cat apagar.sh
>>     ]#!/usr/local/bin/bash
>>     shutdown -p now
>>
>> As far as I know, using SUID, the script must run with root permissions... so I shouldn't get Permission denied. What am I doing wrong??
>
> No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997.
>
> The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run:
>
>     sudo shutdown -p now
Re: SUID permission on Bash script
On Friday 28 August 2009 10:54:19 Giorgos Keramidas wrote:
> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
>> Hi folks!
>>
>> I'm trying to set up a reaaallly basic script to allow one user to shut down my machine without root permissions, setting up SUID as follows:
> [snip]
> The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run:
>
>     sudo shutdown -p now

Or (assuming it doesn't grant too many other privileges) just put the user in group operator.
Re: SUID permission on Bash script
On Fri, Aug 28, 2009 at 10:01:54AM +0100, Jeronimo Calvo wrote:
> 2009/8/28 Giorgos Keramidas keram...@ceid.upatras.gr
>> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
>>> I'm trying to set up a reaaallly basic script to allow one user to shut down my machine without root permissions, setting up SUID as follows:
>>>
>>>     -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh
>>>
>>>     $ ./apagar.sh
>>>     Permission denied
>>>
>>> content of script:
>>>
>>>     cat apagar.sh
>>>     ]#!/usr/local/bin/bash
>>>     shutdown -p now
>>>
>>> As far as I know, using SUID, the script must run with root permissions... so I shouldn't get Permission denied. What am I doing wrong??
>>
>> No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997.
>>
>> The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run:
>>
>>     sudo shutdown -p now
>
> So SUID can be applied to sh but it doesn't work! Is there no way to apply it, apart from installing sudo?
>
> The thing is that by installing sudo and adding that user to sudoers, that user will be capable of doing any other SU tasks, apart from shutting down... which I don't like :D
>
> (I know that SUID could be even worse if they edit the .sh file... but let's believe they don't even know that XD)

Please refrain from top-posting. It's both confusing and inconsiderate for anyone trying to read what you write or otherwise trying to follow a discussion.

First, as has already been pointed out, your approach is A Really Bad Idea and will lead nowhere, so forget it.

Second, you're misunderstanding sudo. From sudo(8):

    sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file.

Note the "as specified". For example, if the sudoers file contains nothing but

    john ALL= NOPASSWD: /usr/sbin/shutdown

then John (and only John) can use sudo to execute /usr/sbin/shutdown, but can't use sudo to execute any other commands.

As an alternative to installing sudo, you can add your user to the operator group:

    pw groupmod operator -m john

but be sure to understand the ramifications before doing so.

--
George
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
> content of script:
> ]#!/usr/local/bin/bash
  ^
This ] doesn't belong to the script, does it?

Furthermore, why do you employ bash for calling another program? It's standard to use sh (#!/bin/sh) if you don't use bash-specific commands and constructs, and I don't see them here. If you care for portability, such a script is an absolute no-go.

Furthermore, in order to perform "shutdown -p now" it's more convenient to use the sudo command (from ports) and add a rule (for maximum security) for the specific user who you want to be able to run this command.

Finally, it's possible to place the user in question into the group "operator", then he can perform the above command without needing (1st) sudo and (2nd) bash. Look at the permissions of the shutdown program:

    -r-sr-x---  1 root  operator  /sbin/shutdown*

Members of operator are +x for this binary.

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote:
> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
>> As far as I know, using SUID, the script must run with root permissions... so I shouldn't get Permission denied. What am I doing wrong??
>
> No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997.

I'm a bit puzzled by this, previous threads have given the impression that this is a myth, for example:

http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html

So are scripts actually incapable of running setuid?
Re: SUID permission on Bash script
On 8/28/09, RW rwmailli...@googlemail.com wrote:
> On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote:
>> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
>>> As far as I know, using SUID, the script must run with root permissions... so I shouldn't get Permission denied. What am I doing wrong??
>>
>> No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997.
>
> I'm a bit puzzled by this, previous threads have given the impression that this is a myth, for example:
> http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html
> So are scripts actually incapable of running setuid?

Dunno, but this dawns on me.. what defines a script? I've always defined a script that starts with a #! shebang. So the script can be SUID, but the interpreter/shell isn't. Is that why it doesn't work?

--Tim
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 20:10:59 -0600, Tim Judd taj...@gmail.com wrote:
> Dunno, but this dawns on me.. what defines a script? I've always defined a script that starts with a #! shebang. So the script can be SUID, but the interpreter/shell isn't. Is that why it doesn't work?

What is the difference between the script and the interpreter? The script is read and executed by the shell, the script itself isn't runnable at all. The interpreter specified by #! is executed and then starts to process the script. Is the interpreter running at SUID? Are the commands (child processes) that it executes (fork) running at SUID?

But let us continue this consideration: If the shell process would be replaced by the command that is called, would it make a difference? Compare

    #!/bin/sh               <- this starts /bin/sh
    shutdown -p now         <- /bin/sh starts child "shutdown"

to

    #!/bin/sh               <- this starts /bin/sh
    exec shutdown -p now    <- /bin/sh replaced by "shutdown"

Hmmm... do I see this correctly?

--
Polytropon
Re: SUID permission on Bash script
On Sat, 29 Aug 2009 02:24:31 +0100, RW rwmailli...@googlemail.com wrote:
> On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote:
>> On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote:
>>> As far as I know, using SUID, script must run with root permissions... so I shouldn't get Permission denied, what am I doing wrong??
>>
>> No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997.
>
> I'm a bit puzzled by this, previous threads have given the impression that this is a myth, for example: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html
>
> So are scripts actually incapable of running setuid?

If you hack at the kernel it may still be possible to run a script with setuid or setgid permissions. IMO there is still the possibility for many things to go wrong, especially with quick and dirty scripts. For example, what do you think will happen if a setuid script forgets to properly quote filenames in commands like:

    foo=$1
    pidfile=/tmp/$foo.pid
    echo $$ > $pidfile
    # cleanup my pidfile
    truncate -s $pidfile

and then I run the script with:

    setuid.sh /etc/master.passwd /tmp/foo

If you guessed that the pid value was not saved anywhere, that because of the lack of error checking nobody noticed, and that the final truncate command may have just wiped your `master.passwd' file your guess is probably right.
Re: SUID permission on Bash script
RW wrote:
> So are scripts actually incapable of running setuid?

They aren't on Linux. I learned about that a while back when I investigated setuid scripts for a coworker.

It's not that setuid shell scripts are really more inherently insecure than programs written in C. The problem is more that those who write such scripts tend not to observe the proper precautions. For example if you don't set the PATH explicitly, and you don't give absolute pathnames to all the subprograms you run, then a trojan that has the same name as some standard program can get run as root.

If a program is going to be setuid at all, you really have to know what you're doing when you write it or else you'll find yourself opening a can of worms.

Mike
--
Michael David Crawford m...@prgmr.com
prgmr.com - We Don't Assume You Are Stupid.
Xen-Powered Virtual Private Servers: http://prgmr.com/xen
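The two precautions raised in the messages above (quote and validate the argument that becomes a filename; set PATH explicitly), as an added example that is not code from the thread. The function names, the whitelist of allowed characters and the use of /var/run in the demo are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: pidfile handling for a script that
# may run with more privilege than its caller. Function names and the
# whitelist of allowed characters are assumptions for illustration.

# Pin the search path so a same-named program placed earlier in the caller's
# PATH can never be picked up by an unqualified command name.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH

# valid_name NAME: succeed only for a plain name made of letters, digits and
# . _ - that is not empty and does not start with a dot. Slashes and
# whitespace are rejected, so the name cannot leave the pidfile directory or
# split into several words.
valid_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# write_pidfile DIR NAME: create DIR/NAME.pid holding this shell's PID and
# print the path. DIR should be writable only by the privileged user.
# Returns 2 for a rejected name, 3 if the file cannot be created
# (for example because it already exists).
write_pidfile() {
    valid_name "$2" || { echo "write_pidfile: bad name" >&2; return 2; }
    pidfile="$1/$2.pid"
    # noclobber (set -C) makes ">" fail instead of overwriting an existing file.
    ( set -C; echo "$$" > "$pidfile" ) 2>/dev/null || {
        echo "write_pidfile: cannot create $pidfile" >&2
        return 3
    }
    printf '%s\n' "$pidfile"
}

# remove_pidfile DIR NAME: delete DIR/NAME.pid. "--" ends option parsing and
# the quotes keep the path a single argument.
remove_pidfile() {
    valid_name "$2" || return 2
    rm -f -- "$1/$2.pid"
}

# Demo (constructed input): the argument from the message above is refused
# before any file is touched.
write_pidfile /var/run '/etc/master.passwd /tmp/foo' || echo "refused (rc=$?)"
```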
Permission Denied for find command; No idea why
Hey. I've been writing a set of sh backup scripts over the past few days. I'm having some trouble with the final thing with them. This is the command that is being run by the www user via cron: /usr/bin/find /usr/local/backups/ -ctime +7d -type f -not -name *daily_backup* -ls (Eventually, I'm going to change the -ls to -delete) This is the ls -al of /usr/local/backups: drwxrwx--- 2 www wheel512 Nov 13 04:29 . drwxr-xr-x 15 root wheel512 Nov 12 20:24 .. -rw--- 1 www wheel 22250785 Nov 13 04:18 2008-11-13.mysql-main.sql -rw--- 1 www wheel 124781 Nov 13 04:18 2008-11-13.mysql-staffwiki.sql -rw--- 1 www wheel 674306 Nov 13 04:18 2008-11-13.mysql-wiki.sql -rw--- 1 www wheel 111845376 Nov 13 04:18 2008-11-13.www.tar -r-xrw 1 www wheel 8109 Nov 13 04:16 daily_backup.sh For some reason, the find command above is getting a permission denied. And, again, the find command is being run by the www user, who owns the files and dir. The exact message is: find: .: Permission denied The find permissions: -r-xr-xr-x 1 root wheel 36800 Oct 23 01:17 /usr/bin/find Also, all dirs above /usr/local/backups (/usr and /usr/local) are +x for the other user, so the www should be able to enter them: drwxr-xr-x 17 root wheel 512 Nov 12 20:38 usr drwxr-xr-x 15 root wheel 512 Nov 12 20:24 local Does anyone have any idea what's causing this permission denied error? Obviously it's some sort of permissions problem, but I have no idea where or what exactly it is. It's driving me crazy. Thanks a lot in advance. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permission Denied for find command; No idea why
On Thu, Nov 13, 2008 at 12:16:24AM -0500, APseudoUtopia wrote: Hey. I've been writing a set of sh backup scripts over the past few days. I'm having some trouble with the final thing with them. This is the command that is being run by the www user via cron: /usr/bin/find /usr/local/backups/ -ctime +7d -type f -not -name *daily_backup* -ls (Eventually, I'm going to change the -ls to -delete) This is the ls -al of /usr/local/backups: drwxrwx--- 2 www wheel512 Nov 13 04:29 . drwxr-xr-x 15 root wheel512 Nov 12 20:24 .. -rw--- 1 www wheel 22250785 Nov 13 04:18 2008-11-13.mysql-main.sql -rw--- 1 www wheel 124781 Nov 13 04:18 2008-11-13.mysql-staffwiki.sql -rw--- 1 www wheel 674306 Nov 13 04:18 2008-11-13.mysql-wiki.sql -rw--- 1 www wheel 111845376 Nov 13 04:18 2008-11-13.www.tar -r-xrw 1 www wheel 8109 Nov 13 04:16 daily_backup.sh For some reason, the find command above is getting a permission denied. And, again, the find command is being run by the www user, who owns the files and dir. The exact message is: find: .: Permission denied The find permissions: -r-xr-xr-x 1 root wheel 36800 Oct 23 01:17 /usr/bin/find Also, all dirs above /usr/local/backups (/usr and /usr/local) are +x for the other user, so the www should be able to enter them: drwxr-xr-x 17 root wheel 512 Nov 12 20:38 usr drwxr-xr-x 15 root wheel 512 Nov 12 20:24 local Does anyone have any idea what's causing this permission denied error? Obviously it's some sort of permissions problem, but I have no idea where or what exactly it is. It's driving me crazy. find: .: Permission denied would only be returned, AFAIK, if you were doing find . someflags, which your find example above does not show. 
Example: $ id uid=1000(jdc) gid=1000(users) groups=1000(users),0(wheel),20(staff),1002(wwwsite),1501(storage) $ ls -ld /var/heimdal drwx--2 root wheel 512 14 Oct 13:21 /var/heimdal/ $ find /var/heimdal -print /var/heimdal find: /var/heimdal: Permission denied $ $ find /var/db -type d -print 1 /dev/null find: /var/db/entropy: Permission denied find: /var/db/ipf: Permission denied find: /var/db/postfix: Permission denied $ ls -ld /var/db/entropy /var/db/ipf /var/db/postfix drwx--2 operator operator 512 12 Nov 21:22 /var/db/entropy/ drwx--2 root wheel 512 14 Oct 13:21 /var/db/ipf/ drwx--2 postfix wheel 512 6 Nov 04:16 /var/db/postfix/ -- | Jeremy Chadwickjdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ACLs, permission mask and chmod g=
If I have acls enabled on a file, running chmod g=rw on that file will not change its group permissions, but the acl mask. That is, running the following command:

    $ chmod g=rw foo

... is equivalent with

    $ setfacl -m m::rw-

... and not, as I would suspect:

    $ setfacl -m g::rw-

In other words, foo will not be read/writable by its default group after the command has been run (unless it was already).

I find this behaviour to be very confusing. It might be the correct behaviour, but if so maybe the chmod(1) manpage, and possibly chmod(2), should be updated to document this?

Svein Halvor
Re: ACLs, permission mask and chmod g=
You may consider trying chmod 660 filename.

660 - UGW, user group world. For each read, write, and execute is given a number, 4,2,1 respectively. So, 660 would result in rw-rw----, a popular format is 755, rwxr-xr-x. You would simply add the numbers together for each division and place them after chmod and before the file to give the permissions you would like.

Svein Halvor Halvorsen-4 wrote:
> If I have acls enabled on a file, running chmod g=rw on that file will not change its group permissions, but the acl mask. That is, running the following command:
>
>     $ chmod g=rw foo
>
> ... is equivalent with
>
>     $ setfacl -m m::rw-
>
> ... and not, as I would suspect:
>
>     $ setfacl -m g::rw-
>
> In other words, foo will not be read/writable by its default group after the command has been run (unless it was already).
>
> I find this behaviour to be very confusing. It might be the correct behaviour, but if so maybe the chmod(1) manpage, and possibly chmod(2), should be updated to document this?
>
> Svein Halvor
Re: ACLs, permission mask and chmod g=
acmeinc wrote:
> You may consider trying chmod 660 filename.

It gives the same result. When changing group permission (either way) on a file with acls, you're effectively changing the acl mask instead. Also, if I change acl mask with setfacl, then ls -l will list the permission mask in the group columns in the output.

If this is by design, then it isn't documented in chmod(1) (or anywhere else that I can see). It kinda makes sense this way, though. If you chmod the group permission, you change all groups' permissions. But I'd like to see it documented, as it caused me some confusion, and I still think that this isn't obvious.

> Svein Halvor Halvorsen-4 wrote:
>> If I have acls enabled on a file, running chmod g=rw on that file will not change its group permissions, but the acl mask. That is, running the following command:
>>
>>     $ chmod g=rw foo
>>
>> ... is equivalent with
>>
>>     $ setfacl -m m::rw-
>>
>> ... and not, as I would suspect:
>>
>>     $ setfacl -m g::rw-
>>
>> In other words, foo will not be read/writable by its default group after the command has been run (unless it was already).
>>
>> I find this behaviour to be very confusing. It might be the correct behaviour, but if so maybe the chmod(1) manpage, and possibly chmod(2), should be updated to document this?
>>
>> Svein Halvor
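The behaviour reported in this thread matches POSIX.1e mask semantics: once a file has a mask entry, the mask caps the owning-group and named entries, and the group bits that chmod and ls -l deal with map to the mask. The added example below (not from the thread) models this on constructed getfacl-style text so it runs without ACL support; the function names, the sample ACL and the group name www are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: a model of POSIX.1e mask semantics that
# works on getfacl-style text. All names and the sample ACL are constructed.

# Constructed sample: "foo" with a named-group entry, hence a mask entry.
SAMPLE_ACL='# file: foo
user::rw-
group::r--
group:www:rwx
mask::r-x
other::r--'

# and_perms A B: keep only the rights present in both rwx strings.
and_perms() {
    out=
    for bit in r w x; do
        case "$1" in
            *"$bit"*) case "$2" in *"$bit"*) out="$out$bit"; continue ;; esac ;;
        esac
        out="$out-"
    done
    printf '%s\n' "$out"
}

# entry_perms TAG: read ACL text on stdin, print the rwx string of "TAG::".
entry_perms() {
    sed -n "s/^$1::\([rwx-]\{3\}\).*/\1/p"
}

# effective_rights: read ACL text on stdin, print "tag:qualifier:effective".
# The mask caps named users, the owning group and named groups; user:: and
# other:: are never masked.
effective_rights() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | entry_perms mask)
    printf '%s\n' "$acl" | while IFS=: read -r tag qual perms; do
        case "$tag" in ''|'#'*|mask) continue ;; esac
        perms=${perms%%[!rwx-]*}        # drop a trailing "# effective" comment
        masked=no
        if [ "$tag" = group ]; then masked=yes; fi
        if [ "$tag" = user ] && [ -n "$qual" ]; then masked=yes; fi
        if [ "$masked" = yes ] && [ -n "$mask" ]; then
            perms=$(and_perms "$perms" "$mask")
        fi
        printf '%s:%s:%s\n' "$tag" "$qual" "$perms"
    done
}

# ls_group_column: what "ls -l" shows in the group column: the mask when one
# exists, otherwise the group:: entry.
ls_group_column() {
    acl=$(cat)
    col=$(printf '%s\n' "$acl" | entry_perms mask)
    if [ -z "$col" ]; then col=$(printf '%s\n' "$acl" | entry_perms group); fi
    printf '%s\n' "$col"
}

# chmod_group ACL PERMS: "chmod g=PERMS" as described in the thread when a
# mask exists: the mask entry is rewritten and group:: is left alone.
chmod_group() {
    printf '%s\n' "$1" | sed "s/^mask::[rwx-]\{3\}/mask::$2/"
}

# Demo: effective rights before and after "chmod g=rw foo".
echo "before:";           printf '%s\n' "$SAMPLE_ACL" | effective_rights
echo "after chmod g=rw:"; chmod_group "$SAMPLE_ACL" rw- | effective_rights
```

In the sample, chmod g=rw leaves the owning group at r-- while the named group www gains write access, which is the surprise the thread describes.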
Re: ACLs, permission mask and chmod g=
One last thing have you tried;

    setfacl -s

I notice you have -m in your original post. Other than this, I won't have any other insight.

Svein Halvor Halvorsen-4 wrote:
> acmeinc wrote:
>> You may consider trying chmod 660 filename.
>
> It gives the same result. When changing group permission (either way) on a file with acls, you're effectively changing the acl mask instead. Also, if I change acl mask with setfacl, then ls -l will list the permission mask in the group columns in the output.
>
> If this is by design, then it isn't documented in chmod(1) (or anywhere else that I can see). It kinda makes sense this way, though. If you chmod the group permission, you change all groups' permissions. But I'd like to see it documented, as it caused me some confusion, and I still think that this isn't obvious.
>
>> Svein Halvor Halvorsen-4 wrote:
>>> If I have acls enabled on a file, running chmod g=rw on that file will not change its group permissions, but the acl mask. That is, running the following command:
>>>
>>>     $ chmod g=rw foo
>>>
>>> ... is equivalent with
>>>
>>>     $ setfacl -m m::rw-
>>>
>>> ... and not, as I would suspect:
>>>
>>>     $ setfacl -m g::rw-
>>>
>>> In other words, foo will not be read/writable by its default group after the command has been run (unless it was already).
>>>
>>> I find this behaviour to be very confusing. It might be the correct behaviour, but if so maybe the chmod(1) manpage, and possibly chmod(2), should be updated to document this?
>>>
>>> Svein Halvor
Re: ACLs, permission mask and chmod g=
acmeinc wrote:
> One last thing have you tried; setfacl -s

setfacl -s is not documented, and also gives illegal option -- s
spamassasin root file permission
Hi guys, I still have this kind of error: Jul 25 11:08:25 MAIL spamd[78027]: spamd: connection from localhost [127.0.0.1] at port 63402 Jul 25 11:08:25 MAIL spamd[78027]: spamd: processing message [EMAIL PROTECTED] for root:58 Jul 25 11:08:31 MAIL spamd[78027]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /root/.spamassassin/auto-whitelist.lock.MAIL.78027 for /root/.spamassassin/auto-whitelist.lock: Permission denied Jul 25 11:08:31 MAIL spamd[78027]: spamd: identified spam (11.4/5.0) for root:58 in 6.0 seconds, 4966 bytes. Jul 25 11:08:31 MAIL spamd[78027]: spamd: result: Y 11 - HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_RED scantime=6.0,size=4966,user=root,uid=58,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=63402,mid=[EMAIL PROTECTED],autolearn=no my spamd ran like this: /usr/local/bin/spamd -u spamd -H /var/spool/spamd -d -r -m 20 --round-robin\ /var/run/spamd/spamd.pid /usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock Should I also run spamass-milter as '-u spamd -H /var/spool/smapd'? Thanks, alydmc ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Postfix logging some OTP related permission denied messages
Hi,

I'm running 7.0-RELEASE-p2 (amd64). I'm running Postfix 2.5.1_2,1 mail server instead of the default Sendmail which ships with base distribution.

My mail server is working fine with no issues except that I noticed some messages in /var/log/messages:

Jun 29 03:12:45 chateau postfix/smtpd[1159]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jun 29 03:18:22 chateau postfix/smtpd[1535]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jun 29 03:23:55 chateau postfix/smtpd[1873]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jun 29 04:18:25 chateau postfix/smtpd[78118]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jun 29 16:07:11 chateau postfix/smtpd[1712]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jun 29 16:07:17 chateau postfix/smtpd[1712]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Jun 29 16:13:30 chateau postfix/smtpd[2125]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied

I've not done anything explicitly to turn on support for One-time passwords in my system.

Any ideas, reasons behind these messages ?

TIA
--
·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
Re: Postfix logging some OTP related permission denied messages
आशीष शुक्ल Ashish Shukla wrote:
> Hi,
>
> I'm running 7.0-RELEASE-p2 (amd64). I'm running Postfix 2.5.1_2,1 mail server instead of the default Sendmail which ships with base distribution.
>
> My mail server is working fine with no issues except that I noticed some messages in /var/log/messages:
>
> Jun 29 03:12:45 chateau postfix/smtpd[1159]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jun 29 03:18:22 chateau postfix/smtpd[1535]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jun 29 03:23:55 chateau postfix/smtpd[1873]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jun 29 04:18:25 chateau postfix/smtpd[78118]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jun 29 16:07:11 chateau postfix/smtpd[1712]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jun 29 16:07:17 chateau postfix/smtpd[1712]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
> Jun 29 16:13:30 chateau postfix/smtpd[2125]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
>
> I've not done anything explicitly to turn on support for One-time passwords in my system.
>
> Any ideas, reasons behind these messages ?
>
> TIA

Greetings:

I've seen some suggestions which involve making changes for allowing the access to the files, but my thoughts are if you are not making use of this feature this would be tantamount to a small form of security violation. The shortcut is probably just to give the group 'mail' rw permissions to opiekeys and don't overly muck with a config that works correctly.

If when you installed Postfix it installed cyrus-sasl as a dependency you might try going into /usr/ports/security/cyrus-sasl2 and doing make config and clearing the checkbox option near the bottom OTP Enable OTP auth, then make deinstall, and make reinstall.

However, my Postfix is only an extremely basic install and I've never seen these messages. A snippet from my Postfix main.cf:

    # sasl config
    broken_sasl_auth_clients = yes
    smtpd_sasl_local_domain =
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/usr/local/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    #smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
    #smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks

and wrt to sasl in /etc/rc.conf I have:

    saslauthd_enable=YES
    saslauthd_flags=-a sasldb

I've also noticed the following in my /etc/group file, but I believe it has no bearing on this problem.

    mail:*:6:postfix

Since I didn't build Cyrus-SASL without OTP I suspect it is turned on or somehow being activated in your Postfix config. The docs also say there is supposed to be an SASL config file somewhere in /usr/local/lib/sasl2, but I've never seen one.

-Mike
Re: Postfix logging some OTP related permission denied messages
,--- Michael Powell writes: | आशीष शुक्ल Ashish Shukla wrote: || Hi, || || I'm running 7.0-RELEASE-p2 (amd64). I'm running Postfix 2.5.1_2,1 mail || server instead of the default Sendmail which ships with base distribution. || || My mail server is working fine with no issues except that I noticed that || some messages in /var/log/messages: || | 88 || Jun 29 03:12:45 chateau postfix/smtpd[1159]: OTP unavailable because can't || read/write key database /etc/opiekeys: Permission denied Jun 29 03:18:22 || chateau postfix/smtpd[1535]: OTP unavailable because can't read/write key || database /etc/opiekeys: Permission denied Jun 29 03:23:55 chateau || postfix/smtpd[1873]: OTP unavailable because can't read/write key database || /etc/opiekeys: Permission denied Jun 29 04:18:25 chateau || postfix/smtpd[78118]: OTP unavailable because can't read/write key || database /etc/opiekeys: Permission denied Jun 29 16:07:11 chateau || postfix/smtpd[1712]: OTP unavailable because can't read/write key database || /etc/opiekeys: Permission denied Jun 29 16:07:17 chateau || postfix/smtpd[1712]: OTP unavailable because can't read/write key database || /etc/opiekeys: Permission denied Jun 29 16:13:30 chateau || postfix/smtpd[2125]: OTP unavailable because can't read/write key database || /etc/opiekeys: Permission denied 88 || || I've not done anything explicitly to turn on support for One-time || passwords in my system. || || Any ideas, reasons behind these messages ? || || TIA | Greetings: | I've seen some suggestions which involve making changes for allowing the | access to the files, but my thoughts are if you are not making use of this | feature this would be tantamount to a small form of security violation. | The shortcut is probably just to give the group 'mail' rw permissions to | opiekeys and don't overly muck with a config that works correctly. 
| If when you installed Postfix it installed cyrus-sasl as a dependency you | might try going into /usr/ports/security/cyrus-sasl2 and doing make config | and clearing the checkbox option near the bottom OTP Enable OTP auth, | then make deinstall, and make reinstall. Reinstall cyrus-sasl2 without OTP support worked, and now no more OTP related messages. | -Mike Thanks :) -- ·-- ·- ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- -- pgpByMxNcNFFY.pgp Description: PGP signature
Re: ssh - connect to directory outside of /user/home - permission denied
Turner Litigation Services [Fri, May 30, 2008 at 06:28:26PM -0700]:
> ssh [EMAIL PROTECTED] /usr/data/pub/ gives permission denied errors.

According to the unison manual the syntax in the configuration would be:

    root = ssh://[EMAIL PROTECTED]//path/to/file

If you just want to copy some files, you could also use scp:

    scp [EMAIL PROTECTED]:/path/to/file .

Dominik
--
Dominik Meister
My public GnuPG key is available at http://www.meisternet.ch/gpg.txt
Re: ssh - connect to directory outside of /user/home - permission denied
You could just use:

    scp [EMAIL PROTECTED]:/home/directory [EMAIL PROTECTED]:/user/home

Hope that helps,

Turner Litigation Services wrote:
> How do you allow ssh to permit connections to a folder outside of the /home folder of the user logging in to ssh? For example, I want to sync two folders (using unison) on different machines and need to ssh to the remote folder ..
Re: ssh - connect to directory outside of /user/home - permission denied
Turner Litigation Services wrote:
> How do you allow ssh to permit connections to a folder outside of the /home folder of the user logging in to ssh? For example, I want to sync two folders (using unison) on different machines and need to ssh to the remote folder .. but the folder is a shared folder outside of my home folder (i.e. /user/data/pub).
>
> ssh [EMAIL PROTECTED] works to get me into the user folder and I can cd to the folder I need to access (and have proper perms there)
>
> But, I need to connect to the folder directly to use unison (file/directory synchronization tool).
>
> ssh [EMAIL PROTECTED] /usr/data/pub/ gives permission denied errors.

You are specifying a command to run once ssh connects, not the path to chdir to.

> I've heard the directory path needs to be relative to the home path but the following does not work either: ssh [EMAIL PROTECTED] ../../../usr/data/pub/ (where the default directory for ssh logins is /usr/home/[username]/.)
>
> I've tried formatting variations of the above themes to no avail and suspect there's a setting somewhere to allow what directories ssh connections can be made to, or creating a link in [users] home directory to the public directory.
>
> Your help would be appreciated.

You could use something similar to:

    ssh [EMAIL PROTECTED] 'cd /usr/data/pub; unison .'

HTH,
Yuri
ssh - connect to directory outside of /user/home - permission denied
How do you allow ssh to permit connections to a folder outside of the /home folder of the user logging in to ssh? For example, I want to sync two folders (using unison) on different machines and need to ssh to the remote folder .. but the folder is a shared folder outside of my home folder (i.e. /user/data/pub).

ssh [EMAIL PROTECTED] works to get me into the user folder and I can cd to the folder I need to access (and have proper perms there)

But, I need to connect to the folder directly to use unison (file/directory synchronization tool).

ssh [EMAIL PROTECTED] /usr/data/pub/ gives permission denied errors.

I've heard the directory path needs to be relative to the home path but the following does not work either: ssh [EMAIL PROTECTED] ../../../usr/data/pub/ (where the default directory for ssh logins is /usr/home/[username]/.)

I've tried formatting variations of the above themes to no avail and suspect there's a setting somewhere to allow what directories ssh connections can be made to, or creating a link in [users] home directory to the public directory.

Your help would be appreciated.

--
Turner Litigation Services
POB 319
Eureka, CA 95502
Tel. (707) 496-9666
Re: force file permission
hi...

[SNIP]
>> but not the access via SSH/SCP. Is there any way to accomplish this? the solution needs to cover the following:
>> - files created on the fileserver itself (during SSH session) need to have the permissions
>> - files copied to the fileserver via SCP/SFTP need to have the permissions
>>
>> the old fileserver was linux-based and used some scripts that were triggered by cron/dnotify, but the solution became unhandy with growing amount of files.
>
> The simplest solution is to properly set the umask for the user accounts you use to ssh or scp.
[/SNIP]

Yeah, that was my first idea too, but it does not work with SCP/SSH. If you create the files locally on the filer it works like a charm. But if you copy files to the server (tested from a linux system) which have permissions that are less than 660/770, these permissions are applied.

Does anyone know another handy solution for this, besides scripts that are triggered by cron or file monitors???

regards,
olli
installation of Python failed: ./python: Permission denied
Hi FreeBSD users I am trying to install Python. Please help a newbie here. [EMAIL PROTECTED] /usr/ports/lang/python]# make -DBATCH install clean === Extracting for python-2.5,2 === Patching for python-2.5,2 === Configuring for python-2.5,2 === Installing for python-2.5,2 === python-2.5,2 depends on file: /usr/local/bin/python2.5 - not found ===Verifying install for /usr/local/bin/python2.5 in /usr/ports/lang/python25 === Building for python25-2.5.2_2 cd /usr/ports/lang/python25/work/Python-2.5.2/portbld.shared; /usr/bin/env VPATH=/usr/ports/lang/python25/work/Python-2.5.2 SHELL=/bin/sh NO_LINT=YES PREFIX=/usr/local LOCALBASE=/usr/local X11BASE=/usr/local MOTIFLIB=-L/usr/local/lib -lXm -lXp LIBDIR=/usr/lib CFLAGS=-O2 -fno-strict-aliasing -pipe -D__wchar_t=wchar_t -DTHREAD_STACK_SIZE=0x2 CXXFLAGS=-O2 -fno-strict-aliasing -pipe -D__wchar_t=wchar_t -DTHREAD_STACK_SIZE=0x2 MANPREFIX=/usr/local BSD_INSTALL_PROGRAM=install -s -o root -g wheel -m 555 BSD_INSTALL_SCRIPT=install -o root -g wheel -m 555 BSD_INSTALL_DATA=install -o root -g wheel -m 444 BSD_INSTALL_MAN=install -o root -g wheel -m 444 make libpython2.5.so python; /bin/ln -f libpython2.5.so libpython2.5.so.1; /bin/ln -f python python-shared2.5 `libpython2.5.so' is up to date. `python' is up to date. case $MAKEFLAGS in *-s*) CC='cc' LDSHARED='cc -shared -pthread' OPT='-DNDEBUG -O2 -fno-strict-aliasing -pipe -D__wchar_t=wchar_t -DTHREAD_STACK_SIZE=0x2' ./python -E ./../setup.py -q build;; *) CC='cc' LDSHARED='cc -shared -pthread' OPT='-DNDEBUG -O2 -fno-strict-aliasing -pipe -D__wchar_t=wchar_t -DTHREAD_STACK_SIZE=0x2' ./python -E ./../setup.py build;; esac ./python: Permission denied *** Error code 126 Stop in /usr/ports/lang/python25/work/Python-2.5.2/portbld.static. *** Error code 1 Stop in /usr/ports/lang/python25. *** Error code 1 Stop in /usr/ports/lang/python. cheers Simon signature.asc Description: OpenPGP digital signature
Re: installation of Python failed: ./python: Permission denied
* Simon Jolle sjolle [EMAIL PROTECTED] [05-17-2008]:
> ./python: Permission denied
> *** Error code 126

Anything in /etc/fstab being mounted with noexec,nosuid?

--
Sahil Tandon [EMAIL PROTECTED]
Re: installation of Python failed: ./python: Permission denied
On 05/18/2008 12:08 AM, Sahil Tandon wrote:
> * Simon Jolle sjolle [EMAIL PROTECTED] [05-17-2008]:
>> ./python: Permission denied
>> *** Error code 126
>
> Anything in /etc/fstab being mounted with noexec,nosuid?

No nothing noexec or nosuid. Filesystems table is out-of-the-box.

Thanks

cheers
Simon
force file permission
hi list...

I have to administrate a fileserver based on freebsd-7 where users have access to via SMB and SSH. my permission setup is configured, so that a user needs to be in a special group to have access to certain files. for that all files must have permissions set to 660 and directories to 770.

The samba part is not a problem, there are quite a few options to solve this problem, and it works great.

but not the access via SSH/SCP. Is there any way to accomplish this? the solution needs to cover the following:
- files created on the fileserver itself (during SSH session) need to have the permissions
- files copied to the fileserver via SCP/SFTP need to have the permissions

the old fileserver was linux-based and used some scripts that were triggered by cron/dnotify, but the solution became unhandy with growing amount of files.

thanks,
olli
Re: force file permission
At 03:41 PM 5/15/2008, Mister Olli wrote:
> hi list...
>
> I have to administrate a fileserver based on freebsd-7 where users have access to via SMB and SSH. my permission setup is configured, so that a user needs to be in a special group to have access to certain files. for that all files must have permissions set to 660 and directories to 770.
>
> The samba part is not a problem, there are quite a few options to solve this problem, and it works great.
>
> but not the access via SSH/SCP. Is there any way to accomplish this? the solution needs to cover the following:
> - files created on the fileserver itself (during SSH session) need to have the permissions
> - files copied to the fileserver via SCP/SFTP need to have the permissions
>
> the old fileserver was linux-based and used some scripts that were triggered by cron/dnotify, but the solution became unhandy with growing amount of files.
>
> thanks,
> olli

The simplest solution is to properly set the umask for the user accounts you use to ssh or scp.

-Derek
Re: Unable to open device file /dev/lpt0: Permission denied
Christian Zachariasen wrote:

On Wed, Apr 23, 2008 at 4:53 AM, David Reedy Jr wrote:

On Tuesday 22 April 2008 10:40:25 am Roland Smith wrote:

On Tue, Apr 22, 2008 at 10:08:37AM -0500, David Reedy Jr wrote:

IIRC, the print device should belong to the cups group. At least, that's my working setup. I have the following in /etc/devfs.conf:

    # Give cups printer access
    own     lpt0    root:cups
    perm    lpt0    0660

Thanks for the info. This didn't actually fix the problem, but I know it was needed since I read somewhere that everything that cupsd spawns runs as cups.

What I ended up doing was resetting my cupsd.conf to default and redid my settings. I must have had a typo in there somewhere before because as soon as I restarted cupsd after making the changes, the parallel and usb ports suddenly became available as devices for the printer.

It happens. :-)

I had previously selected lpd and then manually specified the uri as parallel:/dev/lpt0. The laser on the parallel port is now working fine.

Good.

I also went ahead and set up my deskjet on usb:/dev/ulpt0. Print test pages get marked as completed but nothing actually comes out of the printer. Still trying to figure that one out.

Have a look at the cups logfiles in /var/log/cups. They should give you some pointers. You'll probably need to set the device permissions for ulpt in devfs.rules, not devfs.conf!

I got the rules set up in devfs.rules, no problem. When I turn on the printer it's detected...

    ulpt0: HP Deskjet 3840, class 0/0, rev 2.00/1.00, addr 2 on uhub0
    ulpt0: using bi-directional mode

and things get set right permission-wise...

    crw-rw 1 root cups 0, 88 Apr 22 21:20 /dev/ulpt0

according to /var/log/cups/error_log it prints...

    I [22/Apr/2008:21:20:03 -0500] Started /usr/local/libexec/cups/cgi-bin/printers.cgi (pid=756)
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Adding start banner page none.
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Adding job file of type application/postscript.
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Adding end banner page none.
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Queued on inkjet by root.
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Started filter /usr/local/libexec/cups/filter/pstops (PID 757)
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Started filter /usr/local/libexec/cups/filter/pstoraster (PID 758)
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Started filter /usr/local/libexec/cups/filter/rastertohp (PID 759)
    I [22/Apr/2008:21:20:03 -0500] [Job 47] Started backend /usr/local/libexec/cups/backend/usb (PID 760)
    I [22/Apr/2008:21:20:06 -0500] Started /usr/local/libexec/cups/cgi-bin/printers.cgi (pid=761)
    I [22/Apr/2008:21:20:06 -0500] [Job 47] Completed successfully.
    I [22/Apr/2008:21:20:17 -0500] Started /usr/local/libexec/cups/cgi-bin/printers.cgi (pid=762)

but the job disappears into some sort of black hole. Nothing prints. Printer just sits there peacefully doing nothing.

From printers.conf for this printer...

    <Printer inkjet>
    Info HP DeskJet 3845
    Location Bottom
    DeviceURI usb:/dev/ulpt0
    State Idle
    StateTime 1208917161
    Accepting Yes
    Shared Yes
    JobSheets none none
    QuotaPeriod 0
    PageLimit 0
    KLimit 0
    AllowUser root
    AllowUser davidrjr
    OpPolicy default
    ErrorPolicy stop-printer
    </Printer>

If anybody has additional insight, I'd sure appreciate it.

Dave

Roland

IIRC, you should be able to actually write

    echo something > /dev/ulpt0

and it should print? Might be useful for testing and stuff.

Test goes to the same black hole. I think I've found the problem...

    uhci0: Intel 82801BA/BAM (ICH2) USB controller USB-A port 0xb400-0xb41f irq 3 at device 31.2 on pci0

Perhaps putting a USB 2.0 controller in this old machine might make a difference.

:) Anyway, after a quick bit of googling around for your problem (I've had CUPS problems many times in the past myself and I know how hard it can be) I found this:

Here is a workaround: In printers.conf () you will probably find a line like this:

    DeviceURI usb:/dev/ulpt0

change usb: to file:, so that it looks something like this:

    DeviceURI file:/dev/ulpt0

Then restart cups. Cups will not read any status information from the printer, but at least it can print. Be warned about unknown side effects. :)

Jan
Re: Unable to open device file /dev/lpt0: Permission denied
On Monday 21 April 2008 2:54:16 pm Roland Smith wrote:

On Mon, Apr 21, 2008 at 01:05:56PM -0500, David Reedy Jr wrote:

Small home network. Trying to get cups working on my server.

    FreeBSD 7.0-RELEASE #4: Tue Apr 15 11:01:37 CDT 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/OMEGA
    ...
    ppc0: Parallel port at port 0x378-0x37f irq 7 on isa0
    ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
    ppc0: FIFO with 16/16/9 bytes threshold
    ppbus0: Parallel port bus on ppc0
    ppbus0: [ITHREAD]
    ppbus0: IEEE1284 device found /NIBBLE
    Probing for PnP devices on ppbus0:
    ppbus0: Hewlett-Packard HP LaserJet 6L/0101.01 PRINTER HP ENHANCED PCL5,PJL

snip

    StateMessage Unable to open device file /dev/lpt0: Permission denied

snip

Trying to print a test page from the cups web interface on a client machine, I get the error message. Doing chmod 777 /dev/lpt0 does not change anything. Can somebody tell me what I've done wrong or point me in the direction I should be looking?

IIRC, the print device should belong to the cups group. At least, that's my working setup. I have the following in /etc/devfs.conf:

    # Give cups printer access
    own     lpt0    root:cups
    perm    lpt0    0660

Thanks for the info. This didn't actually fix the problem, but I know it was needed since I read somewhere that everything that cupsd spawns runs as cups.

What I ended up doing was resetting my cupsd.conf to default and redid my settings. I must have had a typo in there somewhere before because as soon as I restarted cupsd after making the changes, the parallel and usb ports suddenly became available as devices for the printer.

I had previously selected lpd and then manually specified the uri as parallel:/dev/lpt0. The laser on the parallel port is now working fine.

I also went ahead and set up my deskjet on usb:/dev/ulpt0. Print test pages get marked as completed but nothing actually comes out of the printer. Still trying to figure that one out.

If you don't want to reboot:

    # chown root:cups /dev/lpt0
    # chmod 0660 /dev/lpt0

Roland
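The thread ends up with group-scoped 0660 nodes (devfs.conf for lpt0, devfs.rules for ulpt0) after chmod 777 made no difference. As an added example that is not part of any poster's message, the script below lists the modes such entries assign and flags any that give access to "other"; the function names, the 0777 line and the localrules ruleset are assumptions, and the sample text is constructed.

```sh
#!/bin/sh
# Added example, not from the thread: list the modes that devfs.conf "perm"
# lines and devfs.rules "add path ... mode" lines assign, and flag any mode
# that gives access to "other" (for example the 777 tried in the thread).

# Constructed sample: both files concatenated. The lpt0 0660 entry is the one
# quoted in the thread; the 0777 line and the [localrules=10] ruleset are
# assumptions made up for this illustration.
sample_rules() {
cat <<'EOF'
# /etc/devfs.conf: nodes that exist at boot
own     lpt0    root:cups
perm    lpt0    0660
perm    lpt0    0777
# /etc/devfs.rules: nodes that appear on hot-plug, such as ulpt0
[localrules=10]
add path 'ulpt*' mode 0660 group cups
EOF
}

# Reads rule text on stdin, prints "<device> <mode> <verdict>" per mode entry.
audit_devfs_modes() {
    awk -v q="'" '
        function report(dev, mode,    other, verdict) {
            gsub(q, "", dev)                       # drop quotes around patterns
            other = substr(mode, length(mode), 1)  # last octal digit = "other"
            if (other !~ /^[0-7]$/) verdict = "unparsable"
            else if (other == "0")  verdict = "ok"
            else                    verdict = "world-accessible"
            print dev, mode, verdict
        }
        /^[ \t]*#/ { next }                                   # comment lines
        $1 == "perm" && NF >= 3 { report($2, $3) }            # devfs.conf
        $1 == "add" && $2 == "path" {                         # devfs.rules
            for (i = 4; i < NF; i++)
                if ($i == "mode") report($3, $(i + 1))
        }
    '
}

# Number of entries flagged world-accessible in the text on stdin.
count_world_accessible() {
    audit_devfs_modes | grep -c 'world-accessible$' || true
}

sample_rules | audit_devfs_modes
```

To check a real host, pipe /etc/devfs.conf and /etc/devfs.rules into audit_devfs_modes instead of the sample.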