LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 03-26-2009, 03:26 PM   #1
dblaylock
LQ Newbie
 
Registered: Mar 2009
Distribution: RHEL4, RHEL5, CentOS5
Posts: 4

Rep: Reputation: 0
Question permissions issues - HELP!


So this is a strange one, at least to me and my colleagues.

User jhannon cannot change group ownership of a file, mkdir or create files under directories owned by group 3Analysis. jhannon is a member of both the original and target group. If I do something similar with another user, the permissions work just fine. Any ideas?

----------------------------------------------------------------------
This is from a RHEL4 Desktop disti. (I have tried 5 different systems)
----------------------------------------------------------------------
[jhannon@elvis testdir]$ ls -l
total 0
-rwxrwx--- 1 jhannon jhannon 0 Mar 26 16:12 zdontestfile
[jhannon@elvis testdir]$ groups
jhannon bnac TIU administrative CRU MAU SDU DBMU bluesky AdminU SysAdmins TRM TwikiAuthors fMRI PML ProjCoords 3Analysis Genzyme doppler
[jhannon@elvis testdir]$ chgrp 3Analysis zdontestfile
chgrp: changing group of `zdontestfile': Operation not permitted
[jhannon@elvis testdir]$ ll
total 0
-rwxrwx--- 1 jhannon jhannon 0 Mar 26 16:12 zdontestfile
[jhannon@elvis testdir]$ chgrp TIU zdontestfile
[jhannon@elvis testdir]$ ll
total 0
-rwxrwx--- 1 jhannon TIU 0 Mar 26 16:12 zdontestfile
[jhannon@elvis testdir]$ chgrp 3Analysis zdontestfile
chgrp: changing group of `zdontestfile': Operation not permitted
[jhannon@elvis testdir]$
----------------------------------------------------------------------

----------------------------------------------------------------------
If I try to do this from a new RHEL5 Desktop, the chgrp works.
----------------------------------------------------------------------
[jhannon@trillian testdir]$ ll
total 0
-rwxrwx--- 1 jhannon TIU 0 Mar 26 16:12 zdontestfile
[jhannon@trillian testdir]$ groups
jhannon bnac TIU administrative CRU MAU SDU DBMU bluesky AdminU SysAdmins TRM TwikiAuthors fMRI PML ProjCoords 3Analysis Genzyme doppler
[jhannon@trillian testdir]$ chgrp 3Analysis zdontestfile
[jhannon@trillian testdir]$ ls -l
total 0
-rwxrwx--- 1 jhannon 3Analysis 0 Mar 26 16:12 zdontestfile
----------------------------------------------------------------------

Any help is appreciated....
 
Old 03-26-2009, 11:18 PM   #2
John VV
Guru
 
Registered: Aug 2005
Posts: 12,808

Rep: Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705
you know this dose sound like it is a HOMEWORK Question .
check the groups that "jhannon" belongs to
or make a new user account for jhannon
or , temporally 777 the folder so jhannon can use it .
 
Old 03-27-2009, 08:14 AM   #3
dblaylock
LQ Newbie
 
Registered: Mar 2009
Distribution: RHEL4, RHEL5, CentOS5
Posts: 4

Original Poster
Rep: Reputation: 0
Question More Info

John VV, Thanks for the reply. If it sounds like a homework question, that's probably because I used to write quiz questions for my college. Apparantly some of that has spilled over into my professional life as well. heh.

As you can see, jhannon is in the necessary groups in order to make this work. That is the odd part. In particular the issues seems to be with the 3Analysis group (but only if used with jhannon on RHEL4 systems).

[jhannon@elvis testdir]$ groups
jhannon bnac TIU administrative CRU MAU SDU DBMU bluesky AdminU SysAdmins TRM TwikiAuthors fMRI PML ProjCoords 3Analysis Genzyme doppler

On further investigation, the groups Genzyme and doppler do the same thing with jhannon.

On your second point, how would creating a new user help when I need her primary account to be jhannon (permissions and audit purposes as this is a healthcare research lab).

As for the third, again, I cannot just 777 the directory as it needs to be locked down for permissions and audit purposes.


The strange part of this issue is that it only seems to affect 1 user in 3 of her 19 groups. I cannot get this issue to replicate with anyone else.

Unfortunately, this isn't as easy as throwing a few simple things at a wall and hoping one of them sticks. I've been through that for the past 2 days now.

Thanks again for the reply...
 
Old 03-27-2009, 01:41 PM   #4
John VV
Guru
 
Registered: Aug 2005
Posts: 12,808

Rep: Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705Reputation: 1705
Quote:
...purposes as this is a healthcare research lab...
777 would NOT be a good idea for that .

as i recall rhel 4 dose not use SE but 5 does ( if you are using it )
if SE is set to enforcing that might be a place to look .Some of the "terminals" ( boxes) might be blocking things while other ones might not .

unfortunately this is a bit beyond my skills .
you might want to pm one of the community managers and ask if they can point you to someone with a bunch of experience in this area .

have you talked with your Red Hat tech rep .
 
Old 03-28-2009, 06:52 PM   #5
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
I don' have experience with SELinux either but I believe if it is blocking something there should be an entry in the logs (or at least it can be configured to do so), so you might want to check there. Unless/until you can rule it out I would think that would be worth checking into. I certainly can't think of anything else (other than a bug) that could cause such strange behavior.

SELinux is available on RHEL 4 as the following link shows:

http://www.redhat.com/docs/manuals/e...selinux-guide/
 
Old 03-30-2009, 08:37 PM   #6
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Have you looked at possible acls?

getfacl <filename>

also check for default acl on dir

getfacl <dir>
 
Old 03-31-2009, 08:30 AM   #7
dblaylock
LQ Newbie
 
Registered: Mar 2009
Distribution: RHEL4, RHEL5, CentOS5
Posts: 4

Original Poster
Rep: Reputation: 0
the getfacl on the directory looks just like if I use ll, just in a different format. All of the permissions are correct as far as I can tell.

Does anyone know why I'd be able to do the work on RHEL5 but not RHEL4?


Thanks to all for replying..

Don
 
Old 03-31-2009, 11:06 AM   #8
dblaylock
LQ Newbie
 
Registered: Mar 2009
Distribution: RHEL4, RHEL5, CentOS5
Posts: 4

Original Poster
Rep: Reputation: 0
An update....

After many hours of searching the net and some accidental realizations, I have discovered that there is a 16 group id limit when using NFS and AUTH_SYS. Apparently there are some work arounds, and I'm investigating them now. Anybody else interested in this issue can check out what I have found at:

http://www.insectnation.org/articles...6-group-limit/
http://nfsworld.blogspot.com/2005/03...imitation.html

I am still trying to figure out why this worked on RHEL5 and not on RHEL4, but I'm sure it has something to do with the authentication modes used by each.

Much thanks to responses I did get. It at least let me know that I wasn't the only one lost with this issue.
 
  


Reply

Tags
chgrp, etc, group, mkdir, permissions


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
samba permissions Issues cougar97536 Linux - Server 2 02-21-2009 11:40 PM
Backup Exec Permissions issues greencabby Linux - Enterprise 1 02-13-2007 02:46 PM
Application permissions issues motionid Linux - Newbie 4 08-07-2005 11:24 AM
New to linux, so so lost, auto mounting issues, permissions issues slowhand22 Linux - Newbie 2 02-10-2005 09:41 AM
permissions issues goldenmag Linux - General 3 08-01-2003 08:43 AM


All times are GMT -5. The time now is 08:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration