On Sun, Feb 19, 2006 at 04:01:53PM +0300, Dmitry Morozovsky wrote: > On Sun, 19 Feb 2006, Yar Tikhiy wrote: > > YT> On Thu, Feb 16, 2006 at 04:57:57PM +0300, Dmitry Morozovsky wrote: > YT> > On Thu, 16 Feb 2006, James Wyatt wrote: > YT> > > YT> > JW> I've seen something very similar when the permissions of the mount > point's > YT> > JW> underlieing subdirectory wasn't 777. Really strange to see, but it > was a > YT> > JW> fallout from a company-wide change to make umask and directory > permissions > YT> > JW> that wasn't quite implemented correctly. Hope this helps - Jy@ > YT> > > YT> > Exactly, see my other followup. > YT> > > YT> > I suppose 0777 is bad choice because if for some reason file system > would not > YT> > mount, anyone can fill up this directory. 0111 or 0555 or standard 0755 > would > YT> > be safe though. > YT> > YT> This looks like a file-a-PR case if you are sure you didn't overlook > YT> anything. To the best of my knowledge, the underlying mount point > YT> permissions should affect nothing since the FS was mounted. But > YT> you didn't show us output from "ls -la /" so please judge by yourself. > > I can't show you exact output of ls -la / before other FS mount because of > headlessness (nor serial console) of machine in question. However, there was > one file system which I could unmount without dropping to single user, and I > *did* see underlying directory mode of 0750.
I just wanted to make sure that your / (which was /usr/..) was readable for the unpriviliged user. Your test case below shows that the problem is there indeed. > What should I file? Test case? It's rather simple (attached). Please include everything needed for a PR: a synopsis, description, how-to-repeat, and perhaps a fix ;-) > Script started on Sun Feb 19 15:59:12 2006 > [EMAIL PROTECTED]:/var/tmp# unalias ls > [EMAIL PROTECTED]:/var/tmp# cd /var/tmp > [EMAIL PROTECTED]:/var/tmp# dd if=/dev/zero of=image1.img bs=1m count=4 > 4+0 records in > 4+0 records out > 4194304 bytes transferred in 0.057493 secs (72953335 bytes/sec) > [EMAIL PROTECTED]:/var/tmp# mdconfig -a -t vnode -f image1.img > md1 > [EMAIL PROTECTED]:/var/tmp# newfs /dev/md1 > /dev/md1: 4.0MB (8192 sectors) block size 16384, fragment size 2048 > using 4 cylinder groups of 1.02MB, 65 blks, 192 inodes. > super-block backups (for fsck -b #) at: > 160, 2240, 4320, 6400 > [EMAIL PROTECTED]:/var/tmp# mkdir -m 700 mnt > [EMAIL PROTECTED]:/var/tmp# ls -la mnt > total 4 > drwx------ 2 root wheel 512 Feb 19 16:00 . > drwxrwxrwt 8 root wheel 512 Feb 19 16:00 .. > [EMAIL PROTECTED]:/var/tmp# mount /dev/md1 mnt > [EMAIL PROTECTED]:/var/tmp# ls -la mnt > total 6 > drwxr-xr-x 3 root wheel 512 Feb 19 16:00 . > drwxrwxrwt 8 root wheel 512 Feb 19 16:00 .. > drwxrwxr-x 2 root operator 512 Feb 19 16:00 .snap > [EMAIL PROTECTED]:/var/tmp# echo '/bin/sh -c "ls -la /var/tmp"' | su -m nobody > total 54560 > drwxrwxrwt 8 root wheel 512 Feb 19 16:00 . > drwxr-xr-x 26 root wheel 512 Feb 16 12:59 .. > drwxrwxr-x 2 marck wheel 512 Feb 7 16:21 cd > drwx------ 3 marck wheel 512 Feb 14 16:20 gconfd-marck > -rw-r--r-- 1 root wheel 4194304 Feb 19 16:00 image1.img > -rw-r--r-- 1 root wheel 51579766 Jan 31 18:50 jdk-1.5.0p2_3.tbz > drwxr-xr-x 3 root wheel 512 Feb 19 16:00 mnt > drwx------ 2 marck wheel 512 Feb 14 22:17 orbit-marck > drwxrwxrwt 5 root wheel 512 Jan 26 14:17 texfonts > drwxrwxrwt 2 root wheel 512 Jan 31 16:17 vi.recover > [EMAIL PROTECTED]:/var/tmp# echo '/bin/sh -c "ls -la /var/tmp/mnt/"' | su -m > nobody > ls: ..: Permission denied > total 4 > drwxr-xr-x 3 root wheel 512 Feb 19 16:00 . > drwxrwxr-x 2 root operator 512 Feb 19 16:00 .snap > [EMAIL PROTECTED]:/var/tmp# exit > exit > > Script done on Sun Feb 19 16:00:47 2006 -- Yar _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
