Bad things about /scripts/securetmp :(

Discussion in 'General Discussion' started by sh4ka, Sep 11, 2005.

  1. sh4ka

    sh4ka Well-Known Member

    I just realised that if I run this script, it creates tmp/ and /usr/tmpDSK with full access.
    Now, after I talked with a datacenter level 2 tech who told me to change it to 544, it is dr-xr--r-- 5 root root 11K Sep 11 10:15 tmp/ .

    What are the right permissions for the tmp and var/tmp directories? I think full access is such a security hole.

    Now, I know that /scripts/securetmp runs at boot, securing it again after the server reboots. Do I have to change it back to 544, or will it rewrite the permissions to 777?

    Thanks!
     
  2. Blue|Fusion

    Blue|Fusion Well-Known Member

    Should be chmod'd 1777 but mounted with nosuid,noexec,nodev for best security.
     
  3. djroketboy

    djroketboy Member

    Is there a way to get it back to normal after you run the securetmp script? I ran it a while ago, and it's caused nothing but headaches since...
     
  4. Blue|Fusion

    Blue|Fusion Well-Known Member

    How was it before? Just a subdirectory of / or was it a separate partition?
     
  5. djroketboy

    djroketboy Member

    It was just a subdirectory off /
     
  6. chirpy

    chirpy Well-Known Member

    You need to stop the processes that have access to it, usually:

    cd /root/
    service chkservd stop
    service httpd stop
    service mysql stop
    service postgresql stop
    killall imapd


    then unmount the partition:

    umount /tmp
    umount /var/tmp


    If you get a mount error because of open files, run the following:

    lsof | grep /tmp

    and kill off any PIDs with files open. Then repeat the umount commands.

    Type in df to make sure it's not a mount point for /tmp anymore.

    Then make sure that you have an existing /tmp with the correct permissions:

    ls -lad /tmp

    Should read:

    drwxrwxrwt 4 root root 2048 Sep 12 10:13 /tmp/

    If not:

    mkdir /tmp
    chmod 1777 /tmp


    Then restart your stopped processes:

    service postgresql start
    service mysql start
    service httpd start
    service chkservd start


    If all looks good, remove the lines that run /scripts/securetmp from /etc/rc.d/rc.local and delete the file /usr/tmpDSK.
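
A check for the two settings recommended in this thread, the nosuid,noexec,nodev mount options and the 1777 mode that `ls -lad /tmp` should show, as an added example that is not part of any post above. The mount table is constructed sample data, the function names are hypothetical, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: audit a temp directory's mount options and mode.

REQUIRED_OPTS="nosuid noexec nodev"

# Constructed sample in fstab/mtab field order:
# device, mount point, filesystem type, options, dump, pass.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
/tmp /var/tmp none rw,bind 0 0'

# missing_opts MOUNT_TABLE MOUNTPOINT
# Prints the required options absent from MOUNTPOINT's entry, or
# "not-mounted" when MOUNTPOINT is only a plain subdirectory.
# If several entries match, the last one (the mount on top) is used.
missing_opts() {
    table=$1; mp=$2
    opts=$(printf '%s\n' "$table" |
        awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    [ -n "$opts" ] || { echo "not-mounted"; return 0; }
    out=""
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;                      # option present
            *) out="$out${out:+ }$want" ;;       # option missing
        esac
    done
    echo "$out"
}

# mode_ok DIR
# Succeeds only if DIR is a directory whose mode is exactly 1777
# (drwxrwxrwt: world-writable with the sticky bit). A mode such as
# 544 or plain 777 fails the check.
mode_ok() {
    [ -d "$1" ] && [ "$(stat -c '%a' "$1")" = "1777" ]
}

# Report on the constructed table, then on the live /tmp mode.
for d in /tmp /var/tmp; do
    echo "$d: missing mount options: $(missing_opts "$SAMPLE_MOUNTS" "$d")"
done
mode_ok /tmp && echo "/tmp mode is 1777" || echo "/tmp mode is not 1777"
```

To audit a live server, pass the contents of /proc/mounts as the first argument instead of the sample, for example `missing_opts "$(cat /proc/mounts)" /tmp`.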
     
  7. djroketboy

    djroketboy Member

    wow, thanks :) everything is working again, much much appreciated.
     
  8. jameshsi

    jameshsi Well-Known Member

    Hi!
    This really solved my problem, but just unmount /tmp?
    Don't I need to mount it back? Why?
     
  9. jameshsi

    jameshsi Well-Known Member

    Although Chirpy's solution solved my problem, I still want to know why cPanel uses securetmp if it will cause problems, and why it only causes problems for some people, not every one of us?
    Should I stay with this solution, or should I change back to securetmp someday?
     
  10. pats

    pats Well-Known Member

    Even after undoing the securetmp, emails are not going...

    == xyz@mydomain.org R=virtual_user T=virtual_userdelivery defer (13): Permission denied: failed to open tmp/1157223427.H611403P5999.mer.servername.com (10 tries)

    Any advice?

    Thanks
     