NetBSD Problem Report #47947
From www@NetBSD.org Fri Jun 21 08:46:33 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id E71C470E0E
for <gnats-bugs@gnats.NetBSD.org>; Fri, 21 Jun 2013 08:46:32 +0000 (UTC)
Message-Id: <20130621084631.B23827148D@mollari.NetBSD.org>
Date: Fri, 21 Jun 2013 08:46:31 +0000 (UTC)
From: babafou+netbsd@babafou.eu.org
Reply-To: babafou+netbsd@babafou.eu.org
To: gnats-bugs@NetBSD.org
Subject: Permissions of /root/.cshrc and /root/.profile make /etc/security complain
X-Send-Pr-Version: www-1.0
>Number: 47947
>Category: install
>Synopsis: Permissions of /root/.cshrc and /root/.profile make /etc/security complain
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: install-manager
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Jun 21 08:50:00 +0000 2013
>Closed-Date: Tue Jun 23 08:05:05 +0000 2015
>Last-Modified: Tue Jun 23 08:05:05 +0000 2015
>Originator: Marc Baudoin
>Release: 6.1
>Organization:
>Environment:
NetBSD shuttle.babafou.eu.org 6.1 NetBSD 6.1 (GENERIC) amd64
>Description:
After a default NetBSD installation, the permissions of files /root/.cshrc and /root/.profile (which are 555) make /etc/security (which expects 644) complain:
Checking special files and directories.
root/.cshrc:
permissions (0644, 0555)
root/.profile:
permissions (0644, 0555)
>How-To-Repeat:
Just install a brand new NetBSD ;-)
>Fix:
For shell configuration files, 644 makes way more sense than 555 so /etc/security is right so the permissions of /root/.cshrc and /root/.profile should be changed to 644 in the installation media.
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: install/47947: Permissions of /root/.cshrc and /root/.profile make /etc/security complain
Date: Fri, 21 Jun 2013 11:22:50 +0200
During build the files in $DESTDIR seem to have correct ownership, but
in the sets the ownership is wrong (sanitized ownership of scripts by
maketar or one of the helpers?)
Martin
From: Valery Ushakov <uwe@stderr.spb.ru>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: install/47947: Permissions of /root/.cshrc and /root/.profile make /etc/security complain
Date: Sat, 22 Jun 2013 01:56:52 +0400
On Fri, Jun 21, 2013 at 08:50:00 +0000, babafou+netbsd@babafou.eu.org wrote:
> After a default NetBSD installation, the permissions of files
> /root/.cshrc and /root/.profile (which are 555) make /etc/security
> (which expects 644) complain:
>
> Checking special files and directories.
> root/.cshrc:
> permissions (0644, 0555)
> root/.profile:
> permissions (0644, 0555)
This is a problem with unpriviliged build. This should be at least
partially adressed in -current with the following commit, which should
be pulled up, I guess:
Module Name: src
Committed By: uwe
Date: Sat Nov 17 23:08:38 UTC 2012
Modified Files:
src/etc/root: Makefile
Log Message:
We don't need to include <bsd.prog.mk> to install a few config files
just <bsd.files.mk> and <bsd.links.mk> is enough.
Noticed because <bsd.prog.mk> sets LINKSMODE to BINMODE and that does
the wrong thing at least for unprivileged builds.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/etc/root/Makefile
I don't remember details about the second part of the problem,
something about handling of hardlinks in unpriv builds. Looking at a
fresh current build I see that /.cshrc and /root/.cshrc are hardlinks,
but they have different modes in the metalog - /.cshrc is 0444,
/root/.cshrc 0644. IIRC, Joerg should know more.
-uwe
From: Marc Baudoin <babafou@babafou.eu.org>
To: gnats-bugs@NetBSD.org
Cc: install-manager@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org, babafou+netbsd@babafou.eu.org
Subject: Re: install/47947: Permissions of /root/.cshrc and /root/.profile
make /etc/security complain
Date: Tue, 23 Jun 2015 09:29:13 +0200
Valery Ushakov <uwe@stderr.spb.ru> écrit :
> The following reply was made to PR install/47947; it has been noted by GNATS.
>
> From: Valery Ushakov <uwe@stderr.spb.ru>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: install/47947: Permissions of /root/.cshrc and /root/.profile make /etc/security complain
> Date: Sat, 22 Jun 2013 01:56:52 +0400
>
> On Fri, Jun 21, 2013 at 08:50:00 +0000, babafou+netbsd@babafou.eu.org wrote:
>
> > After a default NetBSD installation, the permissions of files
> > /root/.cshrc and /root/.profile (which are 555) make /etc/security
> > (which expects 644) complain:
> >
> > Checking special files and directories.
> > root/.cshrc:
> > permissions (0644, 0555)
> > root/.profile:
> > permissions (0644, 0555)
>
> This is a problem with unpriviliged build. This should be at least
> partially adressed in -current with the following commit, which should
> be pulled up, I guess:
>
> Module Name: src
> Committed By: uwe
> Date: Sat Nov 17 23:08:38 UTC 2012
>
> Modified Files:
> src/etc/root: Makefile
>
> Log Message:
> We don't need to include <bsd.prog.mk> to install a few config files
> just <bsd.files.mk> and <bsd.links.mk> is enough.
>
> Noticed because <bsd.prog.mk> sets LINKSMODE to BINMODE and that does
> the wrong thing at least for unprivileged builds.
I just checked with NetBSD 7.0RC1, this problem is gone so the PR
can be closed.
State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Tue, 23 Jun 2015 08:05:05 +0000
State-Changed-Why:
Fixed in -7 and -current, thanks for the report!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.