Dear colleagues,

I have mysterious permission troubles on rather fresh RELENG_6:

from root everything's ok:

root@hasmter:/usr# ls -la /usr/
total 48
drwxr-xr-x  13 root  wheel     512 Feb  2 20:59 ./
drwxr-xr-x  20 root  wheel     512 Feb 16 14:37 ../
drwxrwx---   2 root  operator  512 Feb 16 15:58 .snap/
drwxr-xr-x   3 root  wheel     512 Feb  2 16:08 X11R6/
...

from myself too:

marck@hasmter:~> ls -la /usr/
total 48
drwxr-xr-x  13 root  wheel     512 Feb  2 20:59 ./
drwxr-xr-x  20 root  wheel     512 Feb 16 14:37 ../
drwxrwx---   2 root  operator  512 Feb 16 15:58 .snap/
drwxr-xr-x   3 root  wheel     512 Feb  2 16:08 X11R6/
...
marck@hasmter:~> id
uid=268(marck) gid=268(marck) groups=268(marck), 0(wheel), 5(operator)

but from really unprivileged user:

%id
uid=1008(nata) gid=1008(nata) groups=1008(nata), 24(samba)
%ls -la /usr
ls: ..: Permission denied
total 46
drwxr-xr-x  13 root  wheel     512 Feb  2 20:59 .
drwxrwx---   2 root  operator  512 Feb 16 15:58 .snap
drwxr-xr-x   3 root  wheel     512 Feb  2 16:08 X11R6
...

The same on other mountpoints. fsck is ok.

Any hints?

Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------

I've seen something very similar when the permissions of the mount point's
underlying subdirectory weren't 777. Really strange to see, but it was a
fallout from a company-wide change to make umask and directory permissions
that wasn't quite implemented correctly.

Hope this helps - Jy@

On Thu, 16 Feb 2006, Dmitry Morozovsky wrote:

> Date: Thu, 16 Feb 2006 16:23:38 +0300 (MSK)
> From: Dmitry Morozovsky <marck@rinet.ru>
> To: freebsd-stable@freebsd.org
> Subject: RELENG_6 weird '..' permission troubles
>
> Dear colleagues,
>
> I have mysterious permission troubles on rather fresh RELENG_6:
>
> from root everything's ok:
>
> root@hasmter:/usr# ls -la /usr/
> total 48
> drwxr-xr-x  13 root  wheel     512 Feb  2 20:59 ./
> drwxr-xr-x  20 root  wheel     512 Feb 16 14:37 ../
> drwxrwx---   2 root  operator  512 Feb 16 15:58 .snap/
> drwxr-xr-x   3 root  wheel     512 Feb  2 16:08 X11R6/
> ...
>
> from myself too:
>
> marck@hasmter:~> ls -la /usr/
> total 48
> drwxr-xr-x  13 root  wheel     512 Feb  2 20:59 ./
> drwxr-xr-x  20 root  wheel     512 Feb 16 14:37 ../
> drwxrwx---   2 root  operator  512 Feb 16 15:58 .snap/
> drwxr-xr-x   3 root  wheel     512 Feb  2 16:08 X11R6/
> ...
> marck@hasmter:~> id
> uid=268(marck) gid=268(marck) groups=268(marck), 0(wheel), 5(operator)
>
> but from really unprivileged user:
>
> %id
> uid=1008(nata) gid=1008(nata) groups=1008(nata), 24(samba)
> %ls -la /usr
> ls: ..: Permission denied
> total 46
> drwxr-xr-x  13 root  wheel     512 Feb  2 20:59 .
> drwxrwx---   2 root  operator  512 Feb 16 15:58 .snap
> drwxr-xr-x   3 root  wheel     512 Feb  2 16:08 X11R6
> ...
>
> The same on other mountpoints. fsck is ok.
>
> Any hints?

Following myself:
On Thu, 16 Feb 2006, Dmitry Morozovsky wrote:
DM> Dear colleagues,
DM> 
DM> I have mysterious permission troubles on rather fresh RELENG_6:
DM> 
DM> from root everything's ok:
[snip]
DM> but from really unprivileged user:
DM> 
DM> %id
DM> uid=1008(nata) gid=1008(nata) groups=1008(nata), 24(samba)
DM> %ls -la /usr
DM> ls: ..: Permission denied
DM> Any hints? 
Actually, lower level mountpoints (e.g. /usr on / and so on) had
permissions 0750 instead of 0755 or at least 0111. To fix it (machine is
headless) I had to make the following rc.d script (rc.d/early.sh cannot be used
because / is mounted ro at that time):
root@hamster:/etc# cat /etc/rc.d/earlyroot 
#!/bin/sh
#
# $FreeBSD$
#
# REQUIRE: root
# BEFORE: mountcritlocal
# KEYWORD: nojail
if [ -r /etc/rc.earlyroot ]; then
        . /etc/rc.earlyroot
fi
and put
/sbin/chmod 0111 /usr /var /lh
in /etc/rc.earlyroot
Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
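
Added example, not part of the original thread: a POSIX sh check for the cause identified in the follow-up above, a covered mount-point directory that lacks search (x) bits for user, group or other. The function names and the idea of pointing the check at a view of the parent filesystem with nothing mounted on top of it (for example a nullfs mount of / prepared beforehand) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report mount-point directories whose *covered* (underlying)
# inode lacks search permission for user, group or other.
#
# Assumption: $1 is a view of the parent filesystem with nothing mounted on
# top of it, e.g. a nullfs mount of / made by the administrator beforehand.
# The remaining arguments are mount points as they appear in fstab.

covered_mode() {
    # Print the permission string of one directory (e.g. drwxr-x---).
    ls -ld "$1" | awk '{ print $1 }'
}

check_covered_dirs() {
    view=$1; shift
    bad=0
    for mp in "$@"; do
        dir="${view%/}$mp"
        if [ ! -d "$dir" ]; then
            echo "SKIP $mp (no directory at $dir)"
            continue
        fi
        # -perm -111 is true only when all three search bits are set, so the
        # negation catches 0750, 0700, 0754 and similar modes.
        if [ -n "$(find "$dir" -prune ! -perm -111 -print)" ]; then
            echo "BAD  $mp $(covered_mode "$dir")"
            bad=$((bad + 1))
        else
            echo "OK   $mp $(covered_mode "$dir")"
        fi
    done
    # Non-zero exit status when at least one covered directory is too tight.
    [ "$bad" -eq 0 ]
}
```

Called as `check_covered_dirs /mnt /usr /var /lh`, it prints one line per mount point and returns non-zero if any covered directory would make '..' lookups fail for users outside the owning group.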