[support] Very Strange Security Breach

prothero prothero at geol.ucsb.edu
Fri Dec 17 20:10:35 UTC 2010 

Fixed! The /tmp dir is not the one I thought it was. It's at the root  
directory of the entire web site. Doh...., the file paths it gave me  
were the absolute paths relative to server root, not the /tmp that was  
in my /home/public_html/.... etc directory. It now works, but I truly  
didn't change it. The security module may have done something.

I'm wondering if it's secure to have the /tmp dir writeable for  
everyone. Drupal gives me the error unless it is. Or, perhaps I need  
to figure out the group that mysql is part of. The only groups I have  
are: root bin daemon sys adm disk wheel

Regards,
Bill

William A. Prothero
http://earthednet.org/



On Dec 17, 2010, at 11:22 AM, Jarry wrote:

> On 17. 12. 2010 20:04, prothero wrote:
>> Folks:
>> Not only do I get this error code, but several modules on my site  
>> have
>> stopped working. The only thing I did was install the security module
>> and mess with permissions on the /tmp folder. Sheesh! Very  
>> frustrating.
>> Bill
>
> I do not think you could mess your site just with changing /tmp
> permissions and reverting it back. I just tried it in one of my
> vservers (did backup before, of course), and site is working.
> You must have changed something else too...
>
> btw, my /tmp is "drwxrwxrwt   4 root root". Check yours!
>
> Jarry
>
>>> --message:
>>> user warning: Can't create/write to file '/tmp/#sql_3cb2_0.MYI'
>>> (Errcode: 13) query: SELECT DISTINCT b.* FROM blocks b LEFT JOIN
>>> blocks_roles r ON b.module = r.module AND b.delta = r.delta WHERE
>>> b.theme = 'solarsentinel' AND b.status = 1 AND (r.rid IN (2) OR  
>>> r.rid
>>> IS NULL) ORDER BY b.region, b.weight, b.module in
>>> /home/wap/public_html/modules/block/block.module on line 433
>>> --end message.
>>>
>>> I understand that the error is in permissions for the /tmp  
>>> directory.
>>> I got this error when I changed permissions, but now when I do chmod
>>> -R 0777 (as a test), I still get the error. This should set the
>>> permissions to "Everybody can do anything". What's up? I'm not a  
>>> unix
>>> expert, but not a novice either and this confuses me. Does the "#"
>>> char at the start of the file name mean the file is invisible, ??
>
> -- 
> _______________________________________________________________
> This mailbox accepts e-mails only from selected mailing-lists!
> Everything else is considered to be spam and therefore deleted.
> -- 
> [ Drupal support list | http://lists.drupal.org/ ]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20101217/b335c3af/attachment-0001.html

More information about the support mailing list