Re: weird permissions on directories when installing ports through sudo
> I didn't think this would do much, but gave it a try anyway > And it doesn't help. :/ I think i meant '-i' -- but I'd have to look at the patch`s interaction. I can't recreate the problem in the 1.6.x we're running in our internal release engineering. 1.7.x, and its associated backport, created the local brouhaha with groups credential crashing. Perhaps next time a -dev extension of the port should roll for a few months (6-9), especially given the history of sudo releng. ~BAS signature.asc Description: This is a digitally signed message part
Re: weird permissions on directories when installing ports through sudo
On 02/25/2009 11:49, Brian A. Seklecki wrote: >> lowering the umask of the person running sudo. >> >> This had the effect of truly screwing up many installed ports for me > > Maybe try "sudo -H -u root [command]" NetBSD Pkgsrc is nice in this > respect because it has sudo(8) integration in the MKs. ~BAS I didn't think this would do much, but gave it a try anyway And it doesn't help. :/ The following command prior to the change resulted in root's umask being displayed: sudo -H -u root umask Whereas after the change in sudo I mentioned, the union of mine and root's is presented. I looked at the security issue mentioned in the commit log, and I'm not sure this change was required in order to fix it. Anyone have thoughts on why this change was made? I'd argue POLA was broken here. But I don't keep up with sudo developments (aside from using it). -- Regards, Eric signature.asc Description: OpenPGP digital signature
Re: weird permissions on directories when installing ports through sudo
> lowering the umask of the person running sudo. > > This had the effect of truly screwing up many installed ports for me Maybe try "sudo -H -u root [command]" NetBSD Pkgsrc is nice in this respect because it has sudo(8) integration in the MKs. ~BAS signature.asc Description: This is a digitally signed message part
Re: weird permissions on directories when installing ports through sudo
On 02/19/2009 15:56, Aleksandr Miroslav wrote: > For the longest time, I have installed ports via the "sudo make install" or > "sudo portupgrade" or "sudo portinstall" method and never had a problem. This seems to have jumped up and bitten me on the arse as well. I believe the "problem" lies herein: http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/sudo/distinfo?rev=1.61 It appears that sudo has been changed following a security issue. I use a more restrictive umask than the default. I suspect you do as well. The sudo change now implements a union of umasks, therefore never lowering the umask of the person running sudo. This had the effect of truly screwing up many installed ports for me (I do the same as you `sudo portupgrade`). I'm not blaming the fix... just whining about it. The fix for me was to deinstall and reinstall and problem ports using root himself. I suspect though you could fix it other ways by fiddling with your usmask, and/or altering the sudo config files. > > > Recently, as of a few weeks ago, I started noticing that ports that were > installed or upgraded were getting the wrong permissions. Not only were > directories getting permissions of 700 (whereas previously they had been > 755), but the directories /usr/local and entries in /var/db/pkg were getting > permissions of 700. > > This is causing a lot of things to break, and I have to manually go in and > make everything public for it to work again. > > This only happens when I build ports via sudo. If I am root and I run make > install, everything works fine. yeah. Me too. :) > > I haven't changed anything recently either in sudo, or my umask. > > What can I do to fix this? > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" > > -- Regards, Eric signature.asc Description: OpenPGP digital signature
weird permissions on directories when installing ports through sudo
For the longest time, I have installed ports via the "sudo make install" or "sudo portupgrade" or "sudo portinstall" method and never had a problem. Recently, as of a few weeks ago, I started noticing that ports that were installed or upgraded were getting the wrong permissions. Not only were directories getting permissions of 700 (whereas previously they had been 755), but the directories /usr/local and entries in /var/db/pkg were getting permissions of 700. This is causing a lot of things to break, and I have to manually go in and make everything public for it to work again. This only happens when I build ports via sudo. If I am root and I run make install, everything works fine. I haven't changed anything recently either in sudo, or my umask. What can I do to fix this? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"