I tried to use a samba mount for the /tmp directory. But when I tried to emerge new packages, emerge did not have enough permission to remove the sandboxpids.tmp file.

Reproducible: Always

Steps to Reproduce:
1. make symbolic link (ln -s /mnt/some_samba_share/directory/tmp /tmp), username for samba was not root so it might have some effect
2. emerge new package

Actual Results:
emerge reported that it could not remove the sandboxpids.tmp file because it does not have the right permissions

Expected Results:
It should be possible to emerge packages when /tmp is located on a samba mounted directory

a) what are the actual permissions of /tmp? (output of ls -ld /tmp `readlink /tmp`)
b) what is the exact error message?
c) emerge --info

Here is the requested info:

bash-2.05b# emerge ifstat
Calculating dependencies ...done!
>>> emerge (1 of 1) net-analyzer/ifstat-1.0 to /
>>> md5 src_uri ;-) ifstat-1.0.tar.gz
File in security violation (world write): /tmp/sandboxpids.tmp
Unable to delete file in security violation (bad owner/group): /tmp/sandboxpids.tmp

bash-2.05b# ls -ld /tmp `readlink /tmp`
drwxrwxrwx 1 ile users 0 Aug 4 20:35 /mnt/share2/tmp
lrwxrwxrwx 1 root root 15 Aug 4 21:19 /tmp -> /mnt/share2/tmp

bash-2.05b# emerge --info
Portage 2.0.50-r9 (default-x86-1.4, gcc-3.3.3, glibc-2.3.3.20040420-r0, 2.6.7-gentoo-r11)
=================================================================
System uname: 2.6.7-gentoo-r11 i686 Intel(R) Pentium(R) 4 CPU 2.40GHz
Gentoo Base System version 1.4.16
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -mcpu=pentium4 -funroll-loops -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.1/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -mcpu=pentium4 -funroll-loops -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo/ ftp://trumpetti.atm.tut.fi/gentoo/ http://ds.thn.htu.se/linux/gentoo http://mirror.pudas.net/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X alsa apm arts avi berkdb bonobo cdr crypt cups dvd dvdr emacs emacs-w3 encode esd foomaticdb gdbm gif gphoto2 gpm guile imlib java javascript jpeg kde libg++ libwww mad mikmod motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime radeon readline sdl slang spell ssl svga tcpd tetex transcode truetype x86 xml2 xmms xv zlib"

Post these please:
mount | grep tmp
ls -l /tmp/sandboxpids.tmp
ls -lL /tmp/sandboxpids.tmp
id

bash-2.05b# emerge ifstat
Calculating dependencies ...done!
>>> emerge (1 of 1) net-analyzer/ifstat-1.0 to /
>>> md5 src_uri ;-) ifstat-1.0.tar.gz
Unable to delete file in security violation (bad owner/group): /tmp/sandboxpids.tmp

bash-2.05b# mount | grep tmp
none on /dev/shm type tmpfs (rw)

bash-2.05b# ls -l /tmp/sandboxpids.tmp
---xr--r-- 1 ile users 0 Aug 4 20:35 /tmp/sandboxpids.tmp

bash-2.05b# ls -lL /tmp/sandboxpids.tmp
---xr--r-- 1 ile users 0 Aug 4 20:35 /tmp/sandboxpids.tmp

bash-2.05b# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

***********************************************************
'mount | grep tmp' did not find anything because /tmp is a symbolic link to a directory on the samba server. Below is a little more info...

bash-2.05b# ls -l tmp
lrwxrwxrwx 1 root root 15 Aug 5 23:59 tmp -> /mnt/share2/tmp

bash-2.05b# mount | grep share2
//192.168.0.77/share2 on /mnt/share2 type smbfs (0)

Makes sense that it's a security violation if it's a samba share... Samba doesn't do permissions nor does it do ownerships.
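
The two messages in the emerge output above ("world write" and "bad owner/group") match a common defensive pattern: before trusting a state file in a shared temporary directory, lstat it and refuse it if anyone can write to it or if it is not owned by the expected user. The following is an added example, not Portage or sandbox code; the function name audit_state_file, the reason strings (modelled on the quoted messages) and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_state_file(path, trusted_uid, trusted_gid):
    """Return the reasons a state file must not be trusted (empty list = OK)."""
    st = os.lstat(path)  # lstat: never follow a symlink sitting at the path
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    if st.st_mode & stat.S_IWOTH:
        problems.append("world write")
    if (st.st_uid, st.st_gid) != (trusted_uid, trusted_gid):
        problems.append("bad owner/group")
    return problems


def demo():
    """Run the audit over constructed files in a private temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # Owner and group that files created in this directory receive.
        uid, gid = os.geteuid(), os.stat(d).st_gid

        def make(name, mode):
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
            return p

        good = make("good.tmp", 0o644)
        results["good"] = audit_state_file(good, uid, gid)
        results["world_writable"] = audit_state_file(make("ww.tmp", 0o666), uid, gid)
        # Mode ---xr--r-- as in the report, where the file belongs to ile:users
        # while emerge runs as root; simulated here by trusting a different uid.
        results["foreign_owner"] = audit_state_file(make("smb.tmp", 0o144), uid + 1, gid)
        link = os.path.join(d, "link.tmp")
        os.symlink(good, link)
        results["symlink"] = audit_state_file(link, uid, gid)
    return results


if __name__ == "__main__":
    for case, problems in demo().items():
        print(f"{case}: {problems or 'ok'}")
```

On a mount that reports one fixed owner and mode for every file, as the ls output in the report shows for the smbfs share, a check like this fails for root no matter what the process itself writes, so the practical fix is to keep /tmp on a local filesystem.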