Re: Very Strange Script
On Tue, 17 Nov 1998, Ben Nes Michael wrote:
> Hi
>
> Some of your explanation is still hard for me.
O o o o k. I w i l l t r y t o w r i t e s l o w e r.
> The /etc/profile has not changed and is the same as on other computers that I
> installed with RH5.1, and I'm as sure as I can be that no one hacked in.
> What do you mean by fixing the path? Now all the paths are full paths.
> >
> > Also, if you use public temps, do you use a private umask in your script,
> > yes ?
>
> Never thought about it, will do from now on. Does it have a connection to the
> problem, or is it just a security mention?
When you make a file (a tmp) it is created with your umask. tmp files
should be made 600 or at most 640 (not by users). Thus, you need a umask
of ~700 = 077 in a script. Add 'umask 077' somewhere at the start. It is
better to make tmps in a more private place (such as ~/tmp), especially
if you back up users' files which may contain clear text passwords etc.
Beware: I am not a security expert. tcsh may use a different scheme (I use
bash for system stuff).
> > > X-Cron-Env: <LOGNAME=root>
> > > Status: O
> > >
> > > detail-11
> > > SSH_AUTH_SOCK=/tmp/ssh-root/agent-socket-23019: Command not found.
> > > export: Command not found.
> >
> > Guess why not
>
> No clue :-(
> I don't know what this expert command is. It's not part of the script.
a) it's export, not expert
b) to find where or what something is you can try: 'which $SUBJ' as root.
RTFM which. Thereafter add the resp. path to the PATH. BTW export is NOT
under tcsh and/or you have no tcsh. export is under bash (RTFM bash,
tcsh topic: environment variable export).
c) there may be other issues. F.ex. umask is under bash too.
I have no experience with ssh because I use something else that I wrote
myself for similar purposes.
To start some debugging attempts put this command in your script at the
start:
    env >/tmp/debug-script.out
(after the umask 077 please). Then compare this with the env output when
run as root.
Peter
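
The umask and env-dump debugging steps from the reply above, as an added example that is not part of the original message. The function names and the dump and probe file names are assumptions made for illustration, and the dump goes into a private directory passed by the caller (such as ~/tmp) rather than /tmp.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names and the
# probe/dump file names are hypothetical.

# Print the permission string of a file created under umask $1 in dir $2.
mode_under_umask() (
    umask "$1"
    f="$2/umask-probe.$$"
    : > "$f" || exit 1
    ls -l "$f" | cut -c1-10      # e.g. -rw------- ; cut drops ACL/SELinux marks
    rm -f "$f"
)

# Dump the sorted environment into private directory $1, tagged with label $2,
# and print the path of the dump. Call it once from cron and once from a shell.
dump_env() {
    umask 077                          # files 600, new directories 700
    mkdir -p "$1" || return 1
    env | sort > "$1/env-$2.out" || return 1
    printf '%s\n' "$1/env-$2.out"
}

# Print the names of variables that differ between two dumps made by dump_env.
# Assumes one NAME=value per line (no multi-line values).
env_diff_names() {
    sort "$1" "$2" | uniq -u | cut -d= -f1 | sort -u
}

# Demo on constructed dumps: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) || exit 1
    printf 'PATH=/usr/bin:/bin\nSHELL=/bin/sh\n' > "$d/env-cron.out"
    printf 'PATH=/usr/local/bin:/usr/bin:/bin\nSHELL=/bin/sh\n' > "$d/env-root.out"
    env_diff_names "$d/env-cron.out" "$d/env-root.out"
    rm -rf "$d"
fi
```

In the cron script, call dump_env "$HOME/tmp" cron near the top; from a root login shell, call dump_env "$HOME/tmp" root, then run env_diff_names on the two dumps.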