The Community Forums


Bad things about /scripts/securetmp :(

Discussion in 'General Discussion' started by sh4ka, Sep 11, 2005.

  1. sh4ka

    I just realised that if I run this script, it creates tmp/ and /usr/tmpDSK with full access..
    Now, after I talked with a datacenter level 2 tech, he told me to change it to 544, and now it is dr-xr--r-- 5 root root 11K Sep 11 10:15 tmp/ .

    What are the right permissions for the tmp and var/tmp directories? I think full access is such a security hole..

    Now, I know /scripts/securetmp runs at boot, securing it again after the server reboots... do I have to change it back to 544, or will it rewrite the permissions to 777?

    thkz!
     
  2. Blue|Fusion

    Should be chmod'd 1777 but mounted with nosuid,noexec,nodev for best security.
     
  3. djroketboy

    Is there a way to get it back to normal after you run the securetmp script? I ran it a while ago, and it's caused nothing but headaches since...
     
  4. Blue|Fusion

    How was it before? Just a subdirectory of /, or was it a separate partition?
     
  5. djroketboy

    It was just a subdirectory off /
     
  6. chirpy

    You need to stop the processes that have access to it, usually:

    cd /root/
    service chkservd stop
    service httpd stop
    service mysql stop
    service postgresql stop
    killall imapd


    then unmount the partition:

    umount /tmp
    umount /var/tmp


    If you get a mount error because of open files, run the following:

    lsof | grep /tmp

    and kill off any PIDs with files open. Then repeat the umount commands.

    Type in df to make sure it's not a mount point for /tmp anymore.

    Then make sure that you have an existing /tmp with the correct permissions:

    ls -lad /tmp

    Should read:

    drwxrwxrwt 4 root root 2048 Sep 12 10:13 /tmp/

    If not:

    mkdir /tmp
    chmod 1777 /tmp


    Then restart your stopped processes:

    service postgresql start
    service mysql start
    service httpd start
    service chkservd start


    If all looks good, remove the lines that run /scripts/securetmp from /etc/rc.d/rc.local and delete the file /usr/tmpDSK.
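
Added example, not part of any post in this thread: a shell check for the state the replies above describe (mode 1777 as shown by `ls -lad`, plus nosuid,noexec,nodev when the directory is its own mount point). The `MOUNTS_FILE` variable and the function names are assumptions of this example; it relies on GNU `stat` and the `/proc/mounts` format.

```shell
#!/bin/sh
# Added example: audit a temp directory for the settings discussed in this thread.
# MOUNTS_FILE is an assumption made for testability; it defaults to the live table.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Print the octal mode of a directory (GNU stat), e.g. 1777.
dir_mode() {
    stat -c '%a' "$1"
}

# Print the mount options for an exact mount point, or nothing if it is not one.
# The last matching line wins because later mounts shadow earlier ones.
mount_opts() {
    awk -v mp="$1" '$2 == mp { opts = $4 } END { if (opts != "") print opts }' "$MOUNTS_FILE"
}

# Return 0 only if the directory is mode 1777 and, when it is its own
# mount point, is mounted with nosuid, noexec and nodev.
audit_tmp() {
    dir="$1"; rc=0
    mode=$(dir_mode "$dir") || return 2
    if [ "$mode" != "1777" ]; then
        echo "FAIL $dir: mode $mode, expected 1777"; rc=1
    fi
    opts=$(mount_opts "$dir")
    if [ -z "$opts" ]; then
        echo "NOTE $dir: not its own mount point; options come from the parent filesystem"
    else
        for want in nosuid noexec nodev; do
            case ",$opts," in
                *",$want,"*) ;;
                *) echo "FAIL $dir: missing mount option $want"; rc=1 ;;
            esac
        done
    fi
    [ "$rc" -eq 0 ] && echo "OK   $dir"
    return "$rc"
}

# Usage: audit both directories the thread discusses.
# audit_tmp /tmp; audit_tmp /var/tmp
```

A directory set to 544, as in the first post, is reported as a failure because the sticky bit and world-write access that programs expect on a temp directory are missing.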
     
  7. djroketboy

    wow, thanks :) everything is working again, much much appreciated.
     
  8. jameshsi

    Hi!
    This really solved my problem, but just unmount /tmp?
    Don't we need to mount it back? Why?
     
  9. jameshsi

    Although Chirpy's solution solved my problem, I still want to know why cPanel uses securetmp if it will cause problems, and why it only causes problems for some people, not every one of us?
    Should I stay with this solution, or should I change back to securetmp someday?
     
  10. pats

    Even after undoing the securetmp, emails are not going...

    == xyz@mydomain.org R=virtual_user T=virtual_userdelivery defer (13): Permission denied: failed to open tmp/1157223427.H611403P5999.mer.servername.com (10 tries)

    Any advice?

    thanks
     