# Wrong permissions on /var/db/entropy?



## frybsd (Dec 26, 2013)

I'm a newbie on FreeBSD (9.2-RELEASE), but I think the permissions set on directory /var/db/entropy are wrong: Instead of operator:bin, it is bin:operator. I haven't touched any of these directly.


```
root:/var/db # ls -la
total 1460
drwxr-xr-x  10 root    wheel         512 Dec 26 09:36 .
drwxr-xr-x  24 root    wheel         512 Dec 26 10:02 ..
drwx------   2 bin     operator      512 Dec 26 10:10 entropy
```

And this causes an error in /etc/crontab which calls /usr/libexec/save-entropy using user operator:


```
*/11    *   *   *      *   operator /usr/libexec/save-entropy
```

/usr/libexec/save-entropy in turn tries to access said directory /var/db/entropy:


```
case ${entropy_dir} in
[Nn][Oo])
   exit 0
   ;;
*)
   entropy_dir=${entropy_dir:-/var/db/entropy}
   ;;
esac

cd "${entropy_dir}" || {
   logger -is -t "$0" Cannot cd to the entropy directory: "${entropy_dir}". \
       Entropy file rotation is aborted.; exit 1; }
```

Resulting in endless error messages in /var/log/messages like these:


```
Dec 26 10:11:00 www /usr/libexec/save-entropy[930]: Cannot cd to the entropy directory: /var/db/entropy. Entropy file rotation is aborted.
Dec 26 10:22:00 www /usr/libexec/save-entropy[1028]: Cannot cd to the entropy directory: /var/db/entropy. Entropy file rotation is aborted.
Dec 26 10:33:00 www /usr/libexec/save-entropy[1045]: Cannot cd to the entropy directory: /var/db/entropy. Entropy file rotation is aborted.
Dec 26 10:44:00 www /usr/libexec/save-entropy[1063]: Cannot cd to the entropy directory: /var/db/entropy. Entropy file rotation is aborted.
```

Does this mean that my entropy is broken?


----------



## kpa (Dec 26, 2013)

The owner and group of the directory should both be operator as far as I know. Do a `chown operator /var/db/entropy` as root and that should fix the problem.

Edit: It is in fact operator:operator if you look at the mtree(8) configuration for the directory in the SVNWeb repository. No idea though how your directory has a wrong owner.

http://svnweb.freebsd.org/base/releng/9.2/etc/mtree/BSD.var.dist?revision=255401&view=markup


----------
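Added example, not part of the thread and not FreeBSD's own code: a POSIX sh check that takes an `ls -l` line for the directory, compares owner and group with the operator:operator that kpa cites from the mtree file, and shows why user operator cannot cd into a bin:operator directory with mode `drwx------`. The function names, the simplified permission model (one group per user, no ACLs, no root override) and the second sample line are assumptions made for the example.

```shell
#!/bin/sh
# Added example; not from the thread or from FreeBSD.

# x_bit MODE COL: succeed if the search (execute) bit in column COL is set.
x_bit() {
    case $(printf '%s' "$1" | cut -c"$2") in
        x|s|t) return 0 ;;
        *)     return 1 ;;
    esac
}

# can_enter USER GROUP LS_LINE: may USER, a member of GROUP, cd into the dir?
# Assumed model: one group per user, no ACLs, no root override.
can_enter() {
    user=$1 ugroup=$2
    set -f; set -- $3; set +f      # fields: mode links owner group ...
    if [ "$user" = "$3" ]; then x_bit "$1" 4       # owner triplet
    elif [ "$ugroup" = "$4" ]; then x_bit "$1" 7   # group triplet
    else x_bit "$1" 10                             # other triplet
    fi
}

# audit WANT_OWNER WANT_GROUP LS_LINE: print findings, return 1 if any.
audit() {
    want_o=$1 want_g=$2 line=$3 rc=0
    set -f; set -- $line; set +f
    [ "$3" = "$want_o" ] || { echo "owner is $3, expected $want_o"; rc=1; }
    [ "$4" = "$want_g" ] || { echo "group is $4, expected $want_g"; rc=1; }
    can_enter "$want_o" "$want_g" "$line" ||
        { echo "$want_o cannot cd into $9 (mode $1)"; rc=1; }
    return "$rc"
}

# Line from the ls output in the first post, then a constructed "fixed" line.
AS_FOUND='drwx------   2 bin     operator      512 Dec 26 10:10 entropy'
AS_FIXED='drwx------   2 operator operator    512 Dec 26 10:10 entropy'

audit operator operator "$AS_FOUND" || true
audit operator operator "$AS_FIXED" && echo "entropy dir matches expectation"
```

With mode 0700 only the owner's triplet carries the search bit, so matching the group alone does not let the cron job's user into the directory.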



## frybsd (Dec 26, 2013)

But does that mean that the SSH and SSL keys I've generated since then were "useless"? According to /usr/libexec/save-entropy, it's the seed for /dev/random:

```
# This script is called by cron to store bits of randomness which are
# then used to seed /dev/random on boot.
```


----------



## kpa (Dec 26, 2013)

The keys are completely OK; the random device is seeded by other means if the saved entropy is not available.


----------

