Christian Corti wrote:> I've had big headaches finding the problem why "ssh -X host"
destroys
> the
> permissions of the .Xauthority file in my NFS home directory.
> 'host' is any of our FreeBSD 10.1-RELEASE servers (sparc64 and
amd64)
> Permissions before login: 0600
> Permissions after login: 0000 (ouch!)
>
> I've found out that the cause for this lies in the Xau library
> (AuLock.c)
> that creates a new file in XauLockAuth:
> [...]
> creat_fd = open (creat_name, O_WRONLY | O_CREAT | O_EXCL, 0600);
> [...]
>
> Wrote a small test program that makes just that open call, and the
> result
> is the same: the created file has permission 0000.
>
> This must be a regression, since I have a FreeBSD 9.0-RELEASE-p4
> system
> (amd64) that does *not* have this problem.
>
> Is this a known problem? Any hints on solving that problem? For now,
> I
> must add a custom /etc/ssh/sshrc file with "chmod 600
~/.Xauthority".
>
If you are using a Solaris NFS server then, yes, it is a known bug in
the Solaris NFS server. See:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193128
If you are not using a Solaris server, then this needs to be investigated
further, since I am only aware of the Solaris server case.
As you'll see in the bug report, the Solaris server replies NFS_OK to the
Setattr, but does not set the mode. If you change the client to specify
"use server time" for the time setting, then the Solaris server does
set
the file mode.
Until I add a mount option in the client to force "use server's
time"
workarounds are:
- Use a non-Solaris NFS server.
- Use NFSv2, which seems to work ok. ("nfsv2" or "vers=2"
mount option)
- Hack your kernel with the patch in the bug report.
Please let us know if you are using a Solaris server?
Thanks, rick
> Christian
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to
> "freebsd-stable-unsubscribe at freebsd.org"
>