search for: schg

Hi *, it seems rsync with --fileflags isn't able to work on (already) hardlinked and immutable ("schg") files on FreeBSD. The following scripts will create a simple example for this behaviour: -------------------------------------------------------------- #! /bin/sh # # set -x DIR="/var/tmp/rsync_$(date +%s)/" mkdir "${DIR}/" # Preparing dir_A mkdir "${DIR}/dir_A/&q...

I have an rsync daemon running on a FreeBSD 7.3 system. It is running rsync 3.0.4 with fileflags enabled. I have the following six files on it which are all hardlinks and have the immutable flag set: 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 chfn 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 chpass 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 chsh 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 ypchfn 6830483 -r-sr-xr-x 6 root wheel schg 33268 Jan 6 2005 ypchpas...

https://bugzilla.samba.org/show_bug.cgi?id=10325 Summary: Links to files marked schg (system immutable) fail Product: rsync Version: 3.1.0 Platform: x64 OS/Version: FreeBSD Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned at samba.org ReportedBy: rkoberman at...

.../0x /root/debug/src/3x # ls -lio /root/debug/src/ total 2 330810 -rw-r--r-- 4 root wheel uarch 0 Jan 10 12:40 0x 330810 -rw-r--r-- 4 root wheel uarch 0 Jan 10 12:40 1x 330810 -rw-r--r-- 4 root wheel uarch 0 Jan 10 12:40 2x 330810 -rw-r--r-- 4 root wheel uarch 0 Jan 10 12:40 3x # chflags schg /root/debug/src/0x # ls -lio /root/debug/src/ total 2 330810 -rw-r--r-- 4 root wheel schg,uarch 0 Jan 10 12:40 0x 330810 -rw-r--r-- 4 root wheel schg,uarch 0 Jan 10 12:40 1x 330810 -rw-r--r-- 4 root wheel schg,uarch 0 Jan 10 12:40 2x 330810 -rw-r--r-- 4 root wheel schg,uarch 0 Jan 10 12...

Hi! Using rsync under FreeBSD with hard links and files having schg set result in EPERM "Operation not permitted". This behavior can be observed if rsyncing /usr/bin/. The patch fileflags.diff tries to deal with this situation but changes the flags of the parent directory only. It doesn't change the flags of the files itself. do_link() in syscal...

On Tue 2012-09-18 (23:31), Gareth de Vaux wrote: > Looking at /usr/src/share/mk/bsd.prog.mk and /usr/src/share/mk/bsd.lib.mk - > bins and libs get installed with schg if PRECIOUSPROG and PRECIOUSLIB are > set respectively in their makefiles, both of which can be overridden by > setting NO_FSCHG, presumably in /etc/make.conf. > > Without this doing jail maintenance/upgrades is a nightmare on a host with > a securelevel of 1 but I haven't seen...

is there a way to save special flags in freebsd when using rsync? for example dd# ls -lo init -r-xr-xr-x 1 root wheel schg 711744 Mar 12 18:51 init dd# file has flag schg when i just use rsync it copy that file and loses that flag -- http://alexus.org/

I am (attempting to) implement an rsync method for distributing updates from a FreeBSD master server to several 'slave' servers. In addition to keeping certain userland files up to date it I also want it to keep the OS up to date. I've run into a problem that I do not know how to fix. When I run the following command: rsync -aHXA --fileflags --force-change --no-inc-recursive

Hi All! rsync-3.0.6 with fileflags.diff under FreeBSD 8.0-RC1: if there is a file with uchg or schg flag in source directory and it's hard-linked (usual case for /usr/bin), then rsync cannot create the link in destination directory. Error message: rsync: link "/tmp/s/a" => b failed: Operation not permitted (1) The problem is that it's not allowed to link a *chg'ed file....

...Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: rsync@oldach.net QAContact: rsync-qa@samba.org On FreeBSD at least, -a --flags does not perform the intended function: # touch f1 # chflags schg f1 # mkdir dest # rsync -axvH --flags f1 dest building file list ... done f1 rsync: rename "/tmp/dest/.f1.Isi7Bm" -> "f1": Operation not permitted (1) sent 91 bytes received 42 bytes 266.00 bytes/sec total size is 0 speedup is 0.00 rsync error: some files could not be tra...

I am cleaning up my 4-STABLE system. After a fresh installworld, I am looking at files that did not get touched by the install. Is it safe to remove all such files? In particular, I am looking at /usr/libexec/lib-elf.so.1, which has the schg flag set. I am afraid to remove this for fear of making my system unbootable. Could somebody please reassure me that it is ok to noschg and remove this old file? Thanks Geoffrey

I'm currently administering a machine about 1500mi from me with nobody local to the machine to assist me. Anyways, my only access to this machine is via SSH, no remote serial console or anything. When I try to do a "make installworld" I end up with install: rename: /lib/INS@aTxk to /lib/libcrypt.so.3: Operation not permitted very shortly thereafter. I cannot boot

``You do not want to overbuild your security or you will interfere with the detection side, and detection is one of the single most important aspects of any security mechanism. For example, it makes little sense to set the schg flag (see chflags(1)) on every system binary because while this may temporarily protect the binaries, it prevents an attacker who has broken in from making an easily detectable change that may result in your security mechanisms not detecting the attacker at all.'' Wouldn't it be better...

...or references to FreeBSD's file flags and rsync but only found one reference to it dated back in 2002. It refers to a --flags patch that I don't see available anywhere: http://www.mail-archive.com/rsync@lists.samba.org/msg03878.html Is there a patch for preserving FreeBSD's flags like schg? (i.e. immutable) My current configuration: Two FreeBSD 4.11 systems running rsync 2.6.3 Command being run: /usr/local/bin/rsync -cavzHS --include-from=include-list.txt --exclude-from=exclude-list.txt root@thisserver.mycompany.net:/ /

I'm not sure where else to ask about this, so please excuse me if this is the wrong forum. In trying to remove a 'nodump' flag on a directory with the 'chflags' command I have noticed that the 'nonodump' flag does not function. I see an open PR for the problem: o [2003/01/09] i386/46912 johan chflags nonodump fails I was wondering when this might be dealt with? Else is

I'm setting up a server where I plan to use Jails to improve security I also have installed and am configuring ipfilter. Here are my questions: Because I'm using Jails, I will have to have multiple ip aliases on the network interface. I will use ipfilter to specify what can go to each of the addresses. (e.g., allow only incoming to port 80 on the jail running apache). Another

Hourly I have an rsync job backup /home to /home/backup. I have 24 directories (one for each hour): home.0 ... home.23 Here is the script I am running via cron: #! /usr/local/bin/bash dest=`date +%k | sed 's/ //g'` linkdir=`date -v-1H +%k | sed 's/ //g'` chflags -R noschg /home/backup rm -rf /home/backup/home.$dest rsync -ahHP --numeric-ids --delete --stats --link-dest=../ home."$linkdir"\ --exclude=/backup/* /home/ /home/backup/home."$dest"/ > /var/ rsync.log sleep 2 chflags -R schg /home/backup Per reading this list and other googl...

Thanks Wayne and everybody, This is a huge boost to have a modern rsync for OSX. We're all grateful. Rob D PS I did notice that we lost the bsd flags test in 3.0. It was ok in pre10.... thanks again bbouncer Verifying: basic-permissions ... ok Verifying: timestamps ... Sub-test: modification time ... ok ok Verifying: symlinks ... ok Verifying:

...s" in sshd_config or the attacker has access to a local user in the "wheel" group, the attacker can gain root privileges. IV. Workaround Disable OPIE authentication in PAM: # sed -i "" -e /opie/s/^/#/ /etc/pam.d/* or Remove the setuid bit from opiepasswd: # chflags noschg /usr/bin/opiepasswd # chmod 555 /usr/bin/opiepasswd # chflags schg /usr/bin/opiepasswd V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated...

...s" in sshd_config or the attacker has access to a local user in the "wheel" group, the attacker can gain root privileges. IV. Workaround Disable OPIE authentication in PAM: # sed -i "" -e /opie/s/^/#/ /etc/pam.d/* or Remove the setuid bit from opiepasswd: # chflags noschg /usr/bin/opiepasswd # chmod 555 /usr/bin/opiepasswd # chflags schg /usr/bin/opiepasswd V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated...